PT-2019-19795 · Dahua · Dahua
Published
2019-09-17
·
Updated
2020-08-24
·
CVE-2019-9681
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Dahua products versions prior to August 18, 2019
Description
The issue concerns unencrypted online upgrade information in certain firmware packages of Dahua products. This allows attackers to obtain sensitive information by analyzing the firmware packages. The estimated number of potentially affected devices is not specified.
Recommendations
For versions prior to August 18, 2019, update the firmware to a version released after August 18, 2019, to ensure the online upgrade information is properly encrypted.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dahua