Skip to main content

Nvr4104 4Ks2 L Firmware CVE-2024-39944

HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2024-07-31 cybersecurity@dahuatech.com
Denial Of Service Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware Nvr4104 P 4Ks2 L Firmware Nvr4108 P 4Ks2 L Firmware Nvr4108 8P 4Ks2 L Firmware Nvr4116 8P 4Ks2 L Firmware Nvr4104Hs 4Ks2 L Firmware Nvr4108Hs 4Ks2 L Firmware Nvr4104Hs P 4Ks2 L Firmware Nvr4108Hs P 4Ks2 L Firmware Nvr4108Hs 8P 4Ks2 L Firmware Nvr4116Hs 8P 4Ks2 L Firmware Nvr4204 4Ks2 L Firmware Nvr4208 4Ks2 L Firmware Nvr4216 4Ks2 L Firmware Nvr4204 P 4Ks2 L Firmware Nvr4208 8P 4Ks2 L Firmware Nvr4216 16P 4Ks2 L Firmware Nvr4232 4Ks2 L Firmware Nvr4232 16P 4Ks2 L Firmware Nvr4116Hs 4Ks2 L Firmware Nvr4416 4Ks2 I Firmware Nvr4416 16P 4Ks2 I Firmware Nvr4432 16P 4Ks2 I Firmware Nvr4816 4Ks2 I Firmware Nvr4816 16P 4Ks2 I Firmware Nvr4832 4Ks2 I Firmware Nvr4832 16P 4Ks2 I Firmware Nvr4432 4Ks2 I Firmware Nvr4232 4Ks3 Firmware Nvr4232 16P 4Ks3 Firmware Nvr4216 4Ks3 Firmware Nvr4216 16P 4Ks3 Firmware Nvr4208 8P 4Ks3 Firmware Nvr4208 4Ks3 Firmware Nvr4204 P 4Ks3 Firmware Nvr4204 4Ks3 Firmware Nvr4116Hs 8P 4Ks3 Firmware Nvr4116Hs 4Ks3 Firmware Nvr4108Hs P 4Ks3 Firmware Nvr4108Hs 8P 4Ks3 Firmware Nvr4108Hs 4Ks3 Firmware Nvr4104Hs P 4Ks3 Firmware Nvr4104Hs 4Ks3 Firmware Nvr4116 8P 4Ks3 Firmware Nvr4116 4Ks3 Firmware Nvr4108 P 4Ks3 Firmware Nvr4104 4Ks3 Firmware Nvr4108 8P 4Ks3 Firmware Nvr4108 4Ks3 Firmware Nvr4104 P 4Ks3 Firmware Nvr4104Hs P 4Ks3 960G Firmware Nvr4104Hs 4Ks3 960G Firmware Nvr4108Hs 4Ks3 960G Firmware Nvr4104 P 4Ks3 960G Firmware Ipc Hfs8849G Z3 Led Firmware Ipc Hfs8449G Z7 Led Firmware
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 31, 2024 - 04:15 nvd
HIGH 7.5

DescriptionNVD

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

AnalysisAI

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. Affected products include: Dahuasecurity Nvr4104-4Ks2\/L Firmware, Dahuasecurity Nvr4108-4Ks2\/L Firmware, Dahuasecurity Nvr4116-4Ks2\/L Firmware, Dahuasecurity Nvr4104-P-4Ks2\/L Firmware, Dahuasecurity Nvr4108-P-4Ks2\/L Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.

Share

CVE-2024-39944 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy