Skip to main content

Nvr4104 4Ks2 L Firmware CVE-2024-39950

CRITICAL
Stack-based Buffer Overflow (CWE-121)
2024-07-31 cybersecurity@dahuatech.com
Buffer Overflow Stack Overflow Dahua Nvr4104 4Ks2 L Firmware Nvr4108 4Ks2 L Firmware Nvr4116 4Ks2 L Firmware Nvr4104 P 4Ks2 L Firmware Nvr4108 P 4Ks2 L Firmware Nvr4108 8P 4Ks2 L Firmware Nvr4116 8P 4Ks2 L Firmware Nvr4104Hs 4Ks2 L Firmware Nvr4108Hs 4Ks2 L Firmware Nvr4104Hs P 4Ks2 L Firmware Nvr4108Hs P 4Ks2 L Firmware Nvr4108Hs 8P 4Ks2 L Firmware Nvr4116Hs 8P 4Ks2 L Firmware Nvr4204 4Ks2 L Firmware Nvr4208 4Ks2 L Firmware Nvr4216 4Ks2 L Firmware Nvr4204 P 4Ks2 L Firmware Nvr4208 8P 4Ks2 L Firmware Nvr4216 16P 4Ks2 L Firmware Nvr4232 4Ks2 L Firmware Nvr4232 16P 4Ks2 L Firmware Nvr4116Hs 4Ks2 L Firmware Nvr4416 4Ks2 I Firmware Nvr4416 16P 4Ks2 I Firmware Nvr4432 16P 4Ks2 I Firmware Nvr4816 4Ks2 I Firmware Nvr4816 16P 4Ks2 I Firmware Nvr4832 4Ks2 I Firmware Nvr4832 16P 4Ks2 I Firmware Nvr4432 4Ks2 I Firmware Nvr4232 4Ks3 Firmware Nvr4232 16P 4Ks3 Firmware Nvr4216 4Ks3 Firmware Nvr4216 16P 4Ks3 Firmware Nvr4208 8P 4Ks3 Firmware Nvr4208 4Ks3 Firmware Nvr4204 P 4Ks3 Firmware Nvr4204 4Ks3 Firmware Nvr4116Hs 8P 4Ks3 Firmware Nvr4116Hs 4Ks3 Firmware Nvr4108Hs P 4Ks3 Firmware Nvr4108Hs 8P 4Ks3 Firmware Nvr4108Hs 4Ks3 Firmware Nvr4104Hs P 4Ks3 Firmware Nvr4104Hs 4Ks3 Firmware Nvr4116 8P 4Ks3 Firmware Nvr4116 4Ks3 Firmware Nvr4108 P 4Ks3 Firmware Nvr4104 4Ks3 Firmware Nvr4108 8P 4Ks3 Firmware Nvr4108 4Ks3 Firmware Nvr4104 P 4Ks3 Firmware Nvr4104Hs P 4Ks3 960G Firmware Nvr4104Hs 4Ks3 960G Firmware Nvr4108Hs 4Ks3 960G Firmware Nvr4104 P 4Ks3 960G Firmware Ipc Hfs8849G Z3 Led Firmware Ipc Hfs8449G Z7 Led Firmware
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 31, 2024 - 04:15 nvd
CRITICAL 9.8

DescriptionNVD

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.

AnalysisAI

A vulnerability has been found in Dahua products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-121. A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization. Affected products include: Dahuasecurity Nvr4104-4Ks2\/L Firmware, Dahuasecurity Nvr4108-4Ks2\/L Firmware, Dahuasecurity Nvr4116-4Ks2\/L Firmware, Dahuasecurity Nvr4104-P-4Ks2\/L Firmware, Dahuasecurity Nvr4108-P-4Ks2\/L Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2024-39950 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy