Vulnerabilites related to dahuasecurity - ipc-hdw1xxx
CVE-2017-9315 (GCVE-0-2017-9315)
Vulnerability from cvelistv5
Published
2017-11-28 19:00
Modified
2024-09-17 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- risk of sensitive information leakage
Summary
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
"vendor": "Dahua Technologies",
"versions": [
{
"status": "affected",
"version": "Versions Build between 2015/07 and 2017/03"
}
]
}
],
"datePublic": "2017-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "risk of sensitive information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T18:57:01",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"DATE_PUBLIC": "2017-11-10T00:00:00",
"ID": "CVE-2017-9315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
"version": {
"version_data": [
{
"version_value": "Versions Build between 2015/07 and 2017/03"
}
]
}
}
]
},
"vendor_name": "Dahua Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "risk of sensitive information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html",
"refsource": "CONFIRM",
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2017-9315",
"datePublished": "2017-11-28T19:00:00Z",
"dateReserved": "2017-05-30T00:00:00",
"dateUpdated": "2024-09-17T02:31:08.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9676 (GCVE-0-2019-9676)
Vulnerability from cvelistv5
Published
2019-06-12 14:12
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer overflow
Summary
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dahuasecurity.com/support/cybersecurity/details/617 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX |
Version: Build before 2018/11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Build before 2018/11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-12T14:12:03",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2019-9676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX",
"version": {
"version_data": [
{
"version_value": "Build before 2018/11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/617",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2019-9676",
"datePublished": "2019-06-12T14:12:03",
"dateReserved": "2019-03-11T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-11-28 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE24E587-F024-434C-8896-963EF6365DFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95768203-C18D-48A4-ABFD-B0CBB1089542",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2744338-2C47-4AE2-A357-B111413DA3C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw1xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4B5CB1-F578-4A34-9134-909EB47A6A79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw1xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3365390-933F-4C20-99E9-F37BF1801757",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw1xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F39A03-A875-42D4-9F7B-3C8304A47F75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B165D7E8-4076-44F2-AF5C-B080BB8DFC99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw2xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317F6509-E1DE-43B5-934C-12A922B41DDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "384003F9-F87D-4E60-B30B-C46AB14CE0E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw2xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB77CAA7-8DD8-40F2-9E51-F89684D6A529",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw2xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD52A575-189E-45CD-8409-60FCFA9C9104",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw2xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1C5CFD-4478-4A4E-8EFC-831DC6D024A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAF151C-A17E-4285-A67C-4BD0C92DC7BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFDC39A-E3C1-44F5-B7C8-DF8CADBFD164",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4505B8FD-484F-469B-A107-E19D6ACA370C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48919159-9AB6-4E6C-9F52-3DA0C20AD311",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02D448B1-4DEA-417F-A481-8508EC93CE6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5855375E-7076-4673-ABD6-68D52AC6E3AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hf5xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF482D7C-2E93-484F-B2CF-83A1CD90391A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hf5xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA32590-DDA8-4AF7-9726-3AE948169F2C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "901EB778-1C4C-4263-B7BA-C23FA30F83FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21F950CB-744F-41FF-8AB9-B04D9DD98137",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFCB56DD-7E27-497F-89F3-608FB0EEF1A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F73AB75-CA0C-4637-833F-321E734379AD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw5xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77CB6549-619B-4073-9285-4D814D5C41DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw5xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A4F9A7-6E9E-4081-8028-3AF07BC3984C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8956722A-BBF6-4894-A54D-A30719023CE8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hf8xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CCA2F9-11FA-4628-ABA5-BBDF2AD1B381",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw8xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B75682D0-F7CE-4C7A-A976-26FB9CB57C6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF4396B-731D-4974-A637-DB5DD6BBC118",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw8xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "884D3DF3-D215-4F40-844E-EFDA911ECC4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw8xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D317690B-8B4F-4AA6-ACFE-6AD0FBF83019",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-ebw8xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "897B0D4B-CFBB-48FB-8E0A-DC2E8AB2C9FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-ebw8xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5974C7A-BDB8-4D70-839E-0610B4CF3ED5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-pfw8xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9E916E-27B1-474F-B8A5-75648C47B10E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-pfw8xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42A9D46F-B7AA-4676-81E3-270E1F75B2FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:dh-sd2xxxxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B62AED-E282-4ABB-BE4C-0CA0B220B745",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:dh-sd2xxxxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0121F6-C477-4807-A363-559D458DF338",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-pdbw8xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FEBCB12-C48A-48E3-BADC-796CEBF78D47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-pdbw8xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9482CF5F-E64F-47BF-BC88-D031E954B574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hum8xxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B85237D9-2BB8-4C90-A7F7-F4BDE0C8A023",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hum8xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59624353-3DC1-4836-8880-CC8C036400C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:psd8xxxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A55BC8BF-6AEE-498B-8103-557678D6AAF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:psd8xxxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC924F-869B-4441-AECC-62B6F86D6B7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:dh-sd4xxxxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79A48D20-0206-4D9E-AB6F-5AB5F437012E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:dh-sd4xxxxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "072DC6D9-0089-4A4C-8457-D40E8C189930",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:dh-sd5xxxxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93D6FAE3-3FC2-4E60-98F9-9BE5B3C6001E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:dh-sd5xxxxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88E0E2DE-11AB-4564-A2C9-A39467688379",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:dh-sd6xxxxx_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E998E1F-6DF3-49C7-9A03-9C2FCBA3FB23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:dh-sd6xxxxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9E2C4E-4D99-4CB7-B332-EACB5504A752",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
},
{
"lang": "es",
"value": "\u003eLos clientes de las c\u00e1maras Dahua IP o IP PTZ podr\u00edan enviar informaci\u00f3n relevante del dispositivo para recibir una contrase\u00f1a temporal limitada temporalmente por un distribuidor autorizado de Dahua para restablecer la contrase\u00f1a de administrador. El algoritmo empleado en este mecanismo est\u00e1 potencialmente en riesgo de verse comprometido y, consecuentemente, empleado por el atacante."
}
],
"id": "CVE-2017-9315",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-28T19:29:00.400",
"references": [
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
}
],
"sourceIdentifier": "cybersecurity@dahuatech.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-12 15:29
Modified
2024-11-21 04:52
Severity ?
Summary
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@dahuatech.com | https://www.dahuasecurity.com/support/cybersecurity/details/617 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dahuasecurity.com/support/cybersecurity/details/617 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dahuasecurity | ipc-hfw1xxx_firmware | * | |
| dahuasecurity | ipc-hfw1xxx | - | |
| dahuasecurity | ipc-hdw1xxx_firmware | * | |
| dahuasecurity | ipc-hdw1xxx | - | |
| dahuasecurity | ipc-hfw2xxx_firmware | * | |
| dahuasecurity | ipc-hfw2xxx | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF3492E-5F52-4A3E-AF88-31C3C4594FCD",
"versionEndExcluding": "2018-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw1xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "720C96F1-0285-483A-8C2F-C3028B0DC552",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw1xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9ABD96-A931-4FB8-8BAE-4BC660746765",
"versionEndExcluding": "2018-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw1xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4B5CB1-F578-4A34-9134-909EB47A6A79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw2xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FFD8AC9-7991-4D28-B95E-D0F49D255915",
"versionEndExcluding": "2018-11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw2xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "317F6509-E1DE-43B5-934C-12A922B41DDD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer encontrada en algunos dispositivos de c\u00e1mara IP Dahua IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX Compilaci\u00f3n antes del 2018/11. La vulnerabilidad se encuentra en la funci\u00f3n de redireccionamiento de la informaci\u00f3n de impresi\u00f3n del puerto serie, que no puede ser utilizada por las funciones b\u00e1sicas del producto. Despu\u00e9s de que un atacante inicia sesi\u00f3n localmente, esta vulnerabilidad puede ser explotada para provocar el reinicio del dispositivo o la ejecuci\u00f3n de c\u00f3digo arbitrario. Dahua identific\u00f3 los problemas de seguridad correspondientes en el proceso de auditor\u00eda de c\u00f3digo est\u00e1tico, por lo que gradualmente elimin\u00f3 esta funci\u00f3n, que ya no est\u00e1 disponible en los dispositivos y software m\u00e1s nuevos. Dahua ha lanzado versiones de los productos afectados para corregir la vulnerabilidad."
}
],
"id": "CVE-2019-9676",
"lastModified": "2024-11-21T04:52:05.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-12T15:29:00.957",
"references": [
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
}
],
"sourceIdentifier": "cybersecurity@dahuatech.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201906-0243
Vulnerability from variot
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability. Dahua IPC-HFW1XXX , IPC-HDW1XXX , IPC-HFW2XXX The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaIPC-HFW1XXX and so on are all IP cameras from Dahua, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hfw1xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2018-11"
},
{
"model": "ipc-hdw1xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2018-11"
},
{
"model": "ipc-hfw2xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2018-11"
},
{
"model": "ipc-hdw1xxx",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2018/11"
},
{
"model": "ipc-hfw1xxx",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2018/11"
},
{
"model": "ipc-hfw2xxx",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2018/11"
},
{
"model": "ipc-hdw1xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw1xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hdw1xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hfw1xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hfw2xxx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
}
]
},
"cve": "CVE-2019-9676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9676",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-17496",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-9676",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9676",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-9676",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-17496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-556",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability. Dahua IPC-HFW1XXX , IPC-HDW1XXX , IPC-HFW2XXX The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaIPC-HFW1XXX and so on are all IP cameras from Dahua, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9676"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "CNVD",
"id": "CNVD-2019-17496"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9676",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-17496",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"id": "VAR-201906-0243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
}
],
"trust": 1.1944444333333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
}
]
},
"last_update_date": "2024-11-23T22:44:58.679000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory - Buffer overflow vulnerability found in some Dahua IP Camera devices",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
},
{
"title": "Patch for DahuaIPC-HFW1XXX, IPC-HDW1XXX, and IPC-HFW2XXX Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/163559"
},
{
"title": "Dahua IPC-HFW1XXX , IPC-HDW1XXX and IPC-HFW2XXX Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93789"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9676"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9676"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"date": "2019-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-556"
},
{
"date": "2019-06-12T15:29:00.957000",
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"date": "2019-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-556"
},
{
"date": "2024-11-21T04:52:05.710000",
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dahua IP Camera Buffer error vulnerability in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
],
"trust": 0.6
}
}
var-201711-1047
Vulnerability from variot
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. Dahua IP Camera and IP PTZ Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability.The specific flaw exists within the disaster recovery password functionality. If the device uses its default settings, the password generation algorithm produces a predictable result. An attacker can leverage this vulnerability to gain control of the device under attack. Dahua IPC-HFW and others are network camera equipment of Dahua Company of China. There are security vulnerabilities in several Dahua products. An attacker could use this vulnerability to reset the administrator password. Dahua IPC-HFW, etc. The following products are affected: Dahua IPC-HFW1XXX Build 2015/07 to 2017/03; IPC-HDW1XXX Build 2015/07 to 2017/03; IPC-HDBW1XXX Build 2015/07 to 2017/03; IPC- HFW2XXX Build 2015/07 to 2017/03; IPC-HDW2XXX Build 2015/07 to 2017/03; IPC-HDBW2XXX Build 2015/07 to 2017/03; IPC-HFW4XXX Build 2015/07 to 2017 /03 version; IPC-HDW4XXX Build 2015/07 to 2017/03 version; IPC-HDBW4XXX Build 2015/07 to 2017/03 version; IPC-HF5XXX Build 2015/07 to 2017/03 version; IPC-HFW5XXX Build 2015/07 to 2017/03; IPC-HDW5XXX Build 2015/07 to 2017/03; IPC-HDBW5XXX Build 2015/07 to 2017/03; IPC-HF8XXX Build 2015/07 to 2017/03 Version; IPC-HFW8XXX Build 2015/07 to 2017/03; IPC-HDBW8XXX Build 2015/07 to 2017/03; IPC-EBW8XXX Build 2015/07 to 2017/03; IPC-PFW8xxx Build 2015/ 07 version to 2017/03 version; IPC-PDBW8xxx Build 2015/07 version to 2017/03 version; IPC-HUM8xxx Build 2015/07 version to 2017/03 version
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ipc-hfw1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hfw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdw1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hfw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hf5xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hfw5xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "psd8xxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "dh-sd5xxxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdw5xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "dh-sd4xxxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-pdbw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hf8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-ebw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-pfw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "dh-sd2xxxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hfw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "dh-sd6xxxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw5xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "ipc-hum8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"_id": null,
"model": "dh-ipc-hdw1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "dh-ipc-hdw2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "dh-ipc-hdw4xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "dh-ipc-hfw1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "dh-sd2xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "dh-sd4xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "dh-sd5xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "dh-sd6xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-ebw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw4xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hdbw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hdw5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hf5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hf8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hfw2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hfw4xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hfw5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hfw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-hum8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-pdbw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ipc-pfw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "psd8xxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "ip camera",
"scope": null,
"trust": 0.7,
"vendor": "dahua",
"version": null
},
{
"_id": null,
"model": "security ipc-hf5xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hfw5xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hdw5xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hdbw5xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hf8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hfw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hdbw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-ebw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-pfw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-pdbw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hum8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security psd",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hfw1xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hdw1xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hdbw1xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hfw2xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hdw2xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hdbw2xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hfw4xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security ipc-hdw4xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security dh-sd6xxxxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security dh-sd5xxxxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security dh-sd4xxxxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"_id": null,
"model": "security dh-sd2xxxxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hdw1xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hdw2xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hdw4xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hfw1xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-sd2xxxxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-sd4xxxxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-sd5xxxxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-sd6xxxxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-ebw8xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hdbw1xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hdbw2xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hdbw4xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hdbw5xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hdbw8xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hdw5xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hf5xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hf8xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hfw2xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hfw4xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hfw5xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hfw8xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hum8xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-pdbw8xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-pfw8xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:psd8xxxx_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
}
]
},
"credits": {
"_id": null,
"data": "Kenney Lu Trend Micro",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
}
],
"trust": 0.7
},
"cve": "CVE-2017-9315",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9315",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9315",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-38224",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-117518",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9315",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9315",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9315",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2017-9315",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-38224",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1393",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-117518",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
}
]
},
"description": {
"_id": null,
"data": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. Dahua IP Camera and IP PTZ Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability.The specific flaw exists within the disaster recovery password functionality. If the device uses its default settings, the password generation algorithm produces a predictable result. An attacker can leverage this vulnerability to gain control of the device under attack. Dahua IPC-HFW and others are network camera equipment of Dahua Company of China. There are security vulnerabilities in several Dahua products. An attacker could use this vulnerability to reset the administrator password. Dahua IPC-HFW, etc. The following products are affected: Dahua IPC-HFW1XXX Build 2015/07 to 2017/03; IPC-HDW1XXX Build 2015/07 to 2017/03; IPC-HDBW1XXX Build 2015/07 to 2017/03; IPC- HFW2XXX Build 2015/07 to 2017/03; IPC-HDW2XXX Build 2015/07 to 2017/03; IPC-HDBW2XXX Build 2015/07 to 2017/03; IPC-HFW4XXX Build 2015/07 to 2017 /03 version; IPC-HDW4XXX Build 2015/07 to 2017/03 version; IPC-HDBW4XXX Build 2015/07 to 2017/03 version; IPC-HF5XXX Build 2015/07 to 2017/03 version; IPC-HFW5XXX Build 2015/07 to 2017/03; IPC-HDW5XXX Build 2015/07 to 2017/03; IPC-HDBW5XXX Build 2015/07 to 2017/03; IPC-HF8XXX Build 2015/07 to 2017/03 Version; IPC-HFW8XXX Build 2015/07 to 2017/03; IPC-HDBW8XXX Build 2015/07 to 2017/03; IPC-EBW8XXX Build 2015/07 to 2017/03; IPC-PFW8xxx Build 2015/ 07 version to 2017/03 version; IPC-PDBW8xxx Build 2015/07 version to 2017/03 version; IPC-HUM8xxx Build 2015/07 version to 2017/03 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-9315",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4956",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-130",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-38224",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-117518",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
}
]
},
"id": "VAR-201711-1047",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
}
],
"trust": 1.580443946875
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38224"
}
]
},
"last_update_date": "2024-11-23T22:56:02.974000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
},
{
"title": "Dahua Technology has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://www.dahuasecurity.com/Support/Cybersecurity/annoucementNotice/152"
},
{
"title": "Patches for multiple Dahua product password reset vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/111791"
},
{
"title": "Multiple Dahua Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99835"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9315"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9315"
},
{
"trust": 0.7,
"url": "http://www.dahuasecurity.com/support/cybersecurity/annoucementnotice/152"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-18-130",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-38224",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-117518",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-9315",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "ZDI",
"id": "ZDI-18-130",
"ident": null
},
{
"date": "2017-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38224",
"ident": null
},
{
"date": "2017-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-117518",
"ident": null
},
{
"date": "2018-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011143",
"ident": null
},
{
"date": "2017-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1393",
"ident": null
},
{
"date": "2017-11-28T19:29:00.400000",
"db": "NVD",
"id": "CVE-2017-9315",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "ZDI",
"id": "ZDI-18-130",
"ident": null
},
{
"date": "2017-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38224",
"ident": null
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-117518",
"ident": null
},
{
"date": "2018-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011143",
"ident": null
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1393",
"ident": null
},
{
"date": "2024-11-21T03:35:49.310000",
"db": "NVD",
"id": "CVE-2017-9315",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Dahua IP Camera and IP PTZ Cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
],
"trust": 0.6
}
}