PT-2019-19793 · Dahua · Dahua Ipc-Hdw5X2X+4

Published

2019-09-18

Updated

2019-09-19

CVE-2019-9679

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dahua IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X versions prior to August 18, 2019

Description The issue arises from a lack of permission separation in some of Dahua's Debug functions, allowing low-privileged users to access the Debug function after logging in.

Recommendations For versions prior to August 18, 2019, consider disabling the Debug function to prevent low-privileged users from accessing it until a fix is available. Restrict access to the Debug functions to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2019-9679

Affected Products

Dahua Ipc-Hdbw4X2X

Dahua Ipc-Hdw1X2X

Dahua Ipc-Hdw2X2X

Dahua Ipc-Hdw4X2X

Dahua Ipc-Hdw5X2X

PT-2019-19793 · Dahua · Dahua Ipc-Hdw5X2X+4

CVE-2019-9679

Weakness Enumeration

Related Identifiers

Affected Products

References · 3