Ipc Hdbw2431E S S2 Firmware
CVE-2022-30560
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
AnalysisAI
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. Affected products include: Dahuasecurity Ipc-Hdbw2431E-S-S2 Firmware, Dahuasecurity Ipc-Hdbw2831E-S-S2 Firmware, Dahuasecurity Ipc-Hdbw2230E-S-S2 Firmware, Dahuasecurity Ipc-Hdbw2831R-Zs-S2 Firmware, Dahuasecurity Ipc-Hdbw2831R-Zas-S2 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ipc Hdbw2431E S S2 Firmware
View allWhen an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker coul
If the user enables the https function on the device, an attacker can modify the user’s request data packet through a ma
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today