CVE-2024-13130

Name of the Vulnerable Software and Affected Versions Dahua IPC-HFW1200S versions up to 20241222 Dahua IPC-HFW2300R-Z versions up to 20241222 Dahua IPC-HFW5220E-Z versions up to 20241222 Dahua IPC-HDW1200S versions up to 20241222

Description A vulnerability was found in the Web Interface component of the affected devices, specifically in some unknown functionality of the file ../mtd/Config/Sha1Account1. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Dahua IPC-HFW1200S versions up to 20241222, restrict access to the Web Interface to minimize the risk of exploitation. For Dahua IPC-HFW2300R-Z versions up to 20241222, consider disabling the ../mtd/Config/Sha1Account1 file functionality until a patch is available. For Dahua IPC-HFW5220E-Z versions up to 20241222, avoid using the vulnerable path traversal: '../filedir' in the Web Interface until the issue is resolved. For Dahua IPC-HDW1200S versions up to 20241222, as a temporary workaround, consider disabling the Web Interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.