CVE-2019-9680 (GCVE-0-2019-9680)
Vulnerability from cvelistv5
Published
2019-09-18 18:36
Modified
2024-08-04 21:54
Severity ?
CWE
  • Information Leakage
Summary
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
References
cybersecurity@dahuatech.comhttps://www.dahuasecurity.com/support/cybersecurity/details/637Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.dahuasecurity.com/support/cybersecurity/details/637Patch, Vendor Advisory
Impacted products
Vendor Product Version
Dahua Technology IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X Version: Versions which Build time before August 18 2019
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:45.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
          "vendor": "Dahua Technology",
          "versions": [
            {
              "status": "affected",
              "version": "Versions which Build time before August 18 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Leakage",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-18T18:36:13",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@dahuatech.com",
          "ID": "CVE-2019-9680",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions which Build time before August 18 2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dahua Technology"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Leakage"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dahuasecurity.com/support/cybersecurity/details/637",
              "refsource": "CONFIRM",
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2019-9680",
    "datePublished": "2019-09-18T18:36:13",
    "dateReserved": "2019-03-11T00:00:00",
    "dateUpdated": "2024-08-04T21:54:45.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-9680\",\"sourceIdentifier\":\"cybersecurity@dahuatech.com\",\"published\":\"2019-09-18T19:15:11.580\",\"lastModified\":\"2024-11-21T04:52:06.160\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.\"},{\"lang\":\"es\",\"value\":\"Algunos productos Dahua tienen problemas de filtraci\u00f3n de informaci\u00f3n. Los atacantes pueden obtener la direcci\u00f3n IP y la informaci\u00f3n del modelo del dispositivo construyendo paquetes de datos maliciosos. Entre los productos afectados se incluyen: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HX, para versiones cuyo tiempo de Compilaci\u00f3n es antes del 18 de Agosto del 2019.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw1x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"C6E2D121-6734-4A00-B591-823AE8E33130\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdw1x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEAAFB9C-0BFE-413A-A13B-CB485FC82BF6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hfw1x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"D31CD26D-5C5A-4A98-B515-58A26C120E50\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hfw1x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528FE4A4-08D8-4A8F-8437-4606C769CC90\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw2x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"45D99315-300F-4FD9-8161-13EACD2B66FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdw2x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23A12ECC-377E-48E3-9AD2-3296E9581D16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hfw2x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"C2561607-9770-4C23-89DD-50B487DA6CBE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hfw2x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC3F17B6-FFF9-4118-A7A4-262D3D126953\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"BC4CEABA-35D5-4785-A8CA-7216F22A5012\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdw4x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8460FAC-6AED-4D6F-A6DB-84A4CC278CA3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hfw4x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"3D38C378-9D10-48A8-A8EE-FDBB9BE179CD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hfw4x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08277A58-AE74-43E3-BFD9-10ACFF3180D8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw4x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"AC289503-8A59-42A5-97A8-932A1BDA4F00\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdbw4x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9CEDA2A-9E81-46B0-BCBE-CAAB7E050F44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw5x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"3E56F8D5-66DA-4186-AF7E-F2691E4A68C3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdw5x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4A2CBF7-C132-4EC2-9243-9892784516C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hfw5x2x_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019-08-18\",\"matchCriteriaId\":\"AD926583-99C6-4543-AAE5-CD0DFF0007C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hfw5x2x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7924CDDA-609E-4E9A-A8D7-5A5E2973394A\"}]}]}],\"references\":[{\"url\":\"https://www.dahuasecurity.com/support/cybersecurity/details/637\",\"source\":\"cybersecurity@dahuatech.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.dahuasecurity.com/support/cybersecurity/details/637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.