← Back to CVEs
CVE-2019-9681
MEDIUM5.3
Description
Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
CVE Details
CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published9/17/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
dahuasecurity:ipc-hdbw4x2xdahuasecurity:ipc-hdbw4x2x_firmwaredahuasecurity:ipc-hdw1x2xdahuasecurity:ipc-hdw1x2x_firmwaredahuasecurity:ipc-hdw2x2xdahuasecurity:ipc-hdw2x2x_firmwaredahuasecurity:ipc-hdw4x2xdahuasecurity:ipc-hdw4x2x_firmwaredahuasecurity:ipc-hdw5x2xdahuasecurity:ipc-hdw5x2x_firmwaredahuasecurity:ipc-hfw1x2xdahuasecurity:ipc-hfw1x2x_firmwaredahuasecurity:ipc-hfw2x2xdahuasecurity:ipc-hfw2x2x_firmwaredahuasecurity:ipc-hfw4x2xdahuasecurity:ipc-hfw4x2x_firmwaredahuasecurity:ipc-hfw5x2xdahuasecurity:ipc-hfw5x2x_firmware
Weaknesses (CWE)
CWE-311
References
https://www.dahuasecurity.com/support/cybersecurity/details/637(cybersecurity@dahuatech.com)
https://www.dahuasecurity.com/support/cybersecurity/details/637(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.