Ipc Hdw1X2X Firmware
CVE-2019-9678
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
AnalysisAI
Some Dahua products have the problem of denial of service during the login process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019. Affected products include: Dahuasecurity Ipc-Hdw1X2X Firmware, Dahuasecurity Ipc-Hfw1X2X Firmware, Dahuasecurity Ipc-Hdw2X2X Firmware, Dahuasecurity Ipc-Hfw2X2X Firmware, Dahuasecurity Ipc-Hdw4X2X Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ipc Hdw1X2X Firmware
View allThe specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer ov
Some of Dahua's Debug functions do not have permission separation. Rated high severity (CVSS 8.8), this vulnerability is
Some Dahua products have information leakage issues. Rated medium severity (CVSS 5.3), this vulnerability is remotely ex
Online upgrade information in some firmware packages of Dahua products is not encrypted. Rated medium severity (CVSS 5.3
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today