PT-2019-19792 · Dahua · Ipc-Hfw4X2X+7

Published

2019-09-18

Updated

2021-07-21

CVE-2019-9678

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Dahua products versions prior to August 18, 2019

Description The issue allows an attacker to cause a denial of service during the login process by constructing a malicious packet, which can crash the device. This affects various Dahua products, including IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, and IPC-HFW5X2X.

Recommendations For versions prior to August 18, 2019, update the software to a version released after August 18, 2019, to resolve the issue. As a temporary workaround, consider restricting access to the login process to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-9678

Affected Products

Ipc-Hdbw4X2X

Ipc-Hdw1X2X

Ipc-Hdw2X2X

Ipc-Hdw5X2X

Ipc-Hfw1X2X

Ipc-Hfw2X2X

Ipc-Hfw4X2X

Ipc-Hfw5X2X

PT-2019-19792 · Dahua · Ipc-Hfw4X2X+7

CVE-2019-9678

Related Identifiers

Affected Products

References · 3