An attacker who obtains the administrative account and password, or who mounts a man-in-the-middle attack, could send a specially crafted packet to the vulnerable interface and cause the device to crash.
NVD-CWE-noinfo
CVE-2022-30561
When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user’s login packet.
CVE-2022-30563
When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, the attacker can log in to the device by replaying the user’s login packet.
CVE-2022-30564
Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.
CVE-2022-30570
The Column Based Security component of TIBCO Software Inc.’s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below.
CVE-2022-30573
The ftlserver component of TIBCO Software Inc.’s TIBCO FTL – Community Edition, TIBCO FTL – Developer Edition, TIBCO FTL – Enterprise Edition, and TIBCO FTL – Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.’s TIBCO FTL – Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL – Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL – Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO FTL – Enterprise Edition: version 6.8.0.