PT-2019-19795 · Dahua · Dahua

Publicado

2019-09-17

Atualizado

2020-08-24

CVE-2019-9681

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dahua products versions prior to August 18, 2019

Description The issue concerns unencrypted online upgrade information in certain firmware packages of Dahua products. This allows attackers to obtain sensitive information by analyzing the firmware packages. The estimated number of potentially affected devices is not specified.

Recommendations For versions prior to August 18, 2019, update the firmware to a version released after August 18, 2019, to ensure the online upgrade information is properly encrypted.

Correção

Missing Encryption of Sensitive Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-311

Identificadores relacionados

CVE-2019-9681

Produtos afetados

Dahua

PT-2019-19795 · Dahua · Dahua

CVE-2019-9681

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3