CVE-2019-9678

Name of the Vulnerable Software and Affected Versions Dahua products versions prior to August 18, 2019

Description The issue allows an attacker to cause a denial of service during the login process by constructing a malicious packet, which can crash the device. This affects various Dahua products, including IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, and IPC-HFW5X2X.

Recommendations For versions prior to August 18, 2019, update the software to a version released after August 18, 2019, to resolve the issue. As a temporary workaround, consider restricting access to the login process to minimize the risk of exploitation.