CVE-2024-13131

Name of the Vulnerable Software and Affected Versions Dahua IPC-HFW1200S versions up to 20241222 Dahua IPC-HFW2300R-Z versions up to 20241222 Dahua IPC-HFW5220E-Z versions up to 20241222 Dahua IPC-HDW1200S versions up to 20241222

Description A problematic vulnerability has been found in the Web Interface component of Dahua devices, affecting an unknown part of the /web caps/webCapsConfig file. This vulnerability leads to information disclosure and can be initiated remotely. The exploit has been publicly disclosed and may be used.

Recommendations For Dahua IPC-HFW1200S versions up to 20241222, restrict access to the Web Interface component to minimize the risk of exploitation. For Dahua IPC-HFW2300R-Z versions up to 20241222, consider disabling the Web Interface until a patch is available. For Dahua IPC-HFW5220E-Z versions up to 20241222, avoid using the /web caps/webCapsConfig file in the Web Interface until the issue is resolved. For Dahua IPC-HDW1200S versions up to 20241222, limit remote access to the device to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.