Vulnerabilites related to dahuasecurity - ipc-hfw4x2x_firmware
Vulnerability from fkie_nvd
Published
2019-09-18 19:15
Modified
2024-11-21 04:52
Severity ?
Summary
Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@dahuatech.com | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E2D121-6734-4A00-B591-823AE8E33130",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAAFB9C-0BFE-413A-A13B-CB485FC82BF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D31CD26D-5C5A-4A98-B515-58A26C120E50",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528FE4A4-08D8-4A8F-8437-4606C769CC90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D99315-300F-4FD9-8161-13EACD2B66FC",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A12ECC-377E-48E3-9AD2-3296E9581D16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2561607-9770-4C23-89DD-50B487DA6CBE",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3F17B6-FFF9-4118-A7A4-262D3D126953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4CEABA-35D5-4785-A8CA-7216F22A5012",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8460FAC-6AED-4D6F-A6DB-84A4CC278CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D38C378-9D10-48A8-A8EE-FDBB9BE179CD",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08277A58-AE74-43E3-BFD9-10ACFF3180D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC289503-8A59-42A5-97A8-932A1BDA4F00",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9CEDA2A-9E81-46B0-BCBE-CAAB7E050F44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E56F8D5-66DA-4186-AF7E-F2691E4A68C3",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A2CBF7-C132-4EC2-9243-9892784516C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD926583-99C6-4543-AAE5-CD0DFF0007C5",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7924CDDA-609E-4E9A-A8D7-5A5E2973394A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
},
{
"lang": "es",
"value": "Algunos productos Dahua presentan el problema de denegaci\u00f3n de servicio durante el proceso de inicio de sesi\u00f3n. Un atacante puede causar que un dispositivo se bloquee mediante la construcci\u00f3n de un paquete malicioso. Entre los productos afectados se incluyen: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HX, para versiones cuyo tiempo de Compilaci\u00f3n es antes del 18 de Agosto del 2019."
}
],
"id": "CVE-2019-9678",
"lastModified": "2024-11-21T04:52:05.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T19:15:11.470",
"references": [
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"sourceIdentifier": "cybersecurity@dahuatech.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 19:15
Modified
2024-11-21 04:52
Severity ?
Summary
The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@dahuatech.com | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E2D121-6734-4A00-B591-823AE8E33130",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAAFB9C-0BFE-413A-A13B-CB485FC82BF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D31CD26D-5C5A-4A98-B515-58A26C120E50",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528FE4A4-08D8-4A8F-8437-4606C769CC90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D99315-300F-4FD9-8161-13EACD2B66FC",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A12ECC-377E-48E3-9AD2-3296E9581D16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2561607-9770-4C23-89DD-50B487DA6CBE",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3F17B6-FFF9-4118-A7A4-262D3D126953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4CEABA-35D5-4785-A8CA-7216F22A5012",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8460FAC-6AED-4D6F-A6DB-84A4CC278CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D38C378-9D10-48A8-A8EE-FDBB9BE179CD",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08277A58-AE74-43E3-BFD9-10ACFF3180D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC289503-8A59-42A5-97A8-932A1BDA4F00",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9CEDA2A-9E81-46B0-BCBE-CAAB7E050F44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E56F8D5-66DA-4186-AF7E-F2691E4A68C3",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A2CBF7-C132-4EC2-9243-9892784516C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD926583-99C6-4543-AAE5-CD0DFF0007C5",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7924CDDA-609E-4E9A-A8D7-5A5E2973394A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
},
{
"lang": "es",
"value": "Los campos espec\u00edficos de la interfaz CGI de algunos productos Dahua no est\u00e1n estrictamente verificados, un atacante puede causar un desbordamiento del b\u00fafer mediante la construcci\u00f3n de paquetes maliciosos. Entre los productos afectados se incluyen: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HX, para versiones cuyo tiempo de Compilaci\u00f3n es antes del 18 de Agosto del 2019."
}
],
"id": "CVE-2019-9677",
"lastModified": "2024-11-21T04:52:05.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T19:15:10.297",
"references": [
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"sourceIdentifier": "cybersecurity@dahuatech.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 19:15
Modified
2024-11-21 04:52
Severity ?
Summary
Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@dahuatech.com | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E2D121-6734-4A00-B591-823AE8E33130",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAAFB9C-0BFE-413A-A13B-CB485FC82BF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D31CD26D-5C5A-4A98-B515-58A26C120E50",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528FE4A4-08D8-4A8F-8437-4606C769CC90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D99315-300F-4FD9-8161-13EACD2B66FC",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A12ECC-377E-48E3-9AD2-3296E9581D16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2561607-9770-4C23-89DD-50B487DA6CBE",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3F17B6-FFF9-4118-A7A4-262D3D126953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4CEABA-35D5-4785-A8CA-7216F22A5012",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8460FAC-6AED-4D6F-A6DB-84A4CC278CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D38C378-9D10-48A8-A8EE-FDBB9BE179CD",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08277A58-AE74-43E3-BFD9-10ACFF3180D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC289503-8A59-42A5-97A8-932A1BDA4F00",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9CEDA2A-9E81-46B0-BCBE-CAAB7E050F44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E56F8D5-66DA-4186-AF7E-F2691E4A68C3",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A2CBF7-C132-4EC2-9243-9892784516C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD926583-99C6-4543-AAE5-CD0DFF0007C5",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7924CDDA-609E-4E9A-A8D7-5A5E2973394A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some of Dahua\u0027s Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."
},
{
"lang": "es",
"value": "Algunas de las funciones de Depuraci\u00f3n de Dahua no poseen separaci\u00f3n de permisos. Usuarios poco privilegiados pueden usar la funci\u00f3n de Depuraci\u00f3n despu\u00e9s de iniciar sesi\u00f3n. Los productos afectados incluyen: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDBW4X2X, IPC-HDBW4X2X, IPC-HDBW4X2X -HFW5X2X, para versiones cuyo tiempo de Compilaci\u00f3n es antes del 18 de agosto de 2019."
}
],
"id": "CVE-2019-9679",
"lastModified": "2024-11-21T04:52:06.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T19:15:11.533",
"references": [
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"sourceIdentifier": "cybersecurity@dahuatech.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-17 17:15
Modified
2024-11-21 04:52
Severity ?
Summary
Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@dahuatech.com | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E2D121-6734-4A00-B591-823AE8E33130",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAAFB9C-0BFE-413A-A13B-CB485FC82BF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D31CD26D-5C5A-4A98-B515-58A26C120E50",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528FE4A4-08D8-4A8F-8437-4606C769CC90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D99315-300F-4FD9-8161-13EACD2B66FC",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A12ECC-377E-48E3-9AD2-3296E9581D16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2561607-9770-4C23-89DD-50B487DA6CBE",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3F17B6-FFF9-4118-A7A4-262D3D126953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4CEABA-35D5-4785-A8CA-7216F22A5012",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8460FAC-6AED-4D6F-A6DB-84A4CC278CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D38C378-9D10-48A8-A8EE-FDBB9BE179CD",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08277A58-AE74-43E3-BFD9-10ACFF3180D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC289503-8A59-42A5-97A8-932A1BDA4F00",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9CEDA2A-9E81-46B0-BCBE-CAAB7E050F44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E56F8D5-66DA-4186-AF7E-F2691E4A68C3",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A2CBF7-C132-4EC2-9243-9892784516C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD926583-99C6-4543-AAE5-CD0DFF0007C5",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7924CDDA-609E-4E9A-A8D7-5A5E2973394A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."
},
{
"lang": "es",
"value": "La informaci\u00f3n de actualizaci\u00f3n en l\u00ednea en algunos paquetes de firmware de productos Dahua no est\u00e1 encriptada. Los atacantes pueden obtener esta informaci\u00f3n mediante el an\u00e1lisis de paquetes de firmware por medios espec\u00edficos. Los productos afectados incluyen: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HX2, para versiones cuyo tiempo de compilaci\u00f3n es antes del 18 de agosto de 2019."
}
],
"id": "CVE-2019-9681",
"lastModified": "2024-11-21T04:52:06.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-17T17:15:12.707",
"references": [
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"sourceIdentifier": "cybersecurity@dahuatech.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-18 19:15
Modified
2024-11-21 04:52
Severity ?
Summary
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cybersecurity@dahuatech.com | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dahuasecurity.com/support/cybersecurity/details/637 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E2D121-6734-4A00-B591-823AE8E33130",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAAFB9C-0BFE-413A-A13B-CB485FC82BF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D31CD26D-5C5A-4A98-B515-58A26C120E50",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw1x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528FE4A4-08D8-4A8F-8437-4606C769CC90",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D99315-300F-4FD9-8161-13EACD2B66FC",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23A12ECC-377E-48E3-9AD2-3296E9581D16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw2x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2561607-9770-4C23-89DD-50B487DA6CBE",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw2x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3F17B6-FFF9-4118-A7A4-262D3D126953",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4CEABA-35D5-4785-A8CA-7216F22A5012",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8460FAC-6AED-4D6F-A6DB-84A4CC278CA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D38C378-9D10-48A8-A8EE-FDBB9BE179CD",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08277A58-AE74-43E3-BFD9-10ACFF3180D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC289503-8A59-42A5-97A8-932A1BDA4F00",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9CEDA2A-9E81-46B0-BCBE-CAAB7E050F44",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E56F8D5-66DA-4186-AF7E-F2691E4A68C3",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A2CBF7-C132-4EC2-9243-9892784516C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x2x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD926583-99C6-4543-AAE5-CD0DFF0007C5",
"versionEndExcluding": "2019-08-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x2x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7924CDDA-609E-4E9A-A8D7-5A5E2973394A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
},
{
"lang": "es",
"value": "Algunos productos Dahua tienen problemas de filtraci\u00f3n de informaci\u00f3n. Los atacantes pueden obtener la direcci\u00f3n IP y la informaci\u00f3n del modelo del dispositivo construyendo paquetes de datos maliciosos. Entre los productos afectados se incluyen: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HX, para versiones cuyo tiempo de Compilaci\u00f3n es antes del 18 de Agosto del 2019."
}
],
"id": "CVE-2019-9680",
"lastModified": "2024-11-21T04:52:06.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T19:15:11.580",
"references": [
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"sourceIdentifier": "cybersecurity@dahuatech.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-9679 (GCVE-0-2019-9679)
Vulnerability from cvelistv5
Published
2019-09-18 18:32
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dahuasecurity.com/support/cybersecurity/details/637 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua Technology | IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X |
Version: Versions which Build time before August 18 2019 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"vendor": "Dahua Technology",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before August 18 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some of Dahua\u0027s Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T18:32:15",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2019-9679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before August 18 2019"
}
]
}
}
]
},
"vendor_name": "Dahua Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some of Dahua\u0027s Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/637",
"refsource": "CONFIRM",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2019-9679",
"datePublished": "2019-09-18T18:32:15",
"dateReserved": "2019-03-11T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9681 (GCVE-0-2019-9681)
Vulnerability from cvelistv5
Published
2019-09-17 16:02
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Leakage
Summary
Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dahuasecurity.com/support/cybersecurity/details/637 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua | IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X |
Version: Versions which Build time before August 18 2019 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before August 18 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-17T16:02:18",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2019-9681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before August 18 2019"
}
]
}
}
]
},
"vendor_name": "Dahua"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/637",
"refsource": "CONFIRM",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2019-9681",
"datePublished": "2019-09-17T16:02:18",
"dateReserved": "2019-03-11T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9680 (GCVE-0-2019-9680)
Vulnerability from cvelistv5
Published
2019-09-18 18:36
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Leakage
Summary
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dahuasecurity.com/support/cybersecurity/details/637 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua Technology | IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X |
Version: Versions which Build time before August 18 2019 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"vendor": "Dahua Technology",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before August 18 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T18:36:13",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2019-9680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before August 18 2019"
}
]
}
}
]
},
"vendor_name": "Dahua Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/637",
"refsource": "CONFIRM",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2019-9680",
"datePublished": "2019-09-18T18:36:13",
"dateReserved": "2019-03-11T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9678 (GCVE-0-2019-9678)
Vulnerability from cvelistv5
Published
2019-09-18 18:42
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dahuasecurity.com/support/cybersecurity/details/637 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua Technology | IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X |
Version: Versions which Build time before August 18 2019 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"vendor": "Dahua Technology",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before August 18 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T18:42:45",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2019-9678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before August 18 2019"
}
]
}
}
]
},
"vendor_name": "Dahua Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/637",
"refsource": "CONFIRM",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2019-9678",
"datePublished": "2019-09-18T18:42:45",
"dateReserved": "2019-03-11T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.263Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9677 (GCVE-0-2019-9677)
Vulnerability from cvelistv5
Published
2019-09-18 18:46
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dahuasecurity.com/support/cybersecurity/details/637 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua Technology | IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X |
Version: Versions which Build time before August 18 2019 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:45.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"vendor": "Dahua Technology",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before August 18 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T18:46:29",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2019-9677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before August 18 2019"
}
]
}
}
]
},
"vendor_name": "Dahua Technology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/637",
"refsource": "CONFIRM",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2019-9677",
"datePublished": "2019-09-18T18:46:29",
"dateReserved": "2019-03-11T00:00:00",
"dateUpdated": "2024-08-04T21:54:45.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}