Vulnerabilities > CVE-2019-9678 - Unspecified vulnerability in Dahuasecurity products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

dahuasecurity

NVD

Published: 2019-09-18

Updated: 2021-07-21

Summary

Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

Vulnerable Configurations

Part	Description	Count
OS	Dahuasecurity Dahuasecurity IPC Hdw1X2X Firmware - Dahuasecurity IPC Hfw1X2X Firmware - Dahuasecurity IPC Hdw2X2X Firmware - Dahuasecurity IPC Hfw2X2X Firmware - Dahuasecurity IPC Hdw4X2X Firmware - Dahuasecurity IPC Hfw4X2X Firmware - Dahuasecurity IPC Hdbw4X2X Firmware - Dahuasecurity IPC Hdw5X2X Firmware - Dahuasecurity IPC Hfw5X2X Firmware -	9
Hardware	Dahuasecurity Dahuasecurity IPC Hdw1X2X - Dahuasecurity IPC Hfw1X2X - Dahuasecurity IPC Hdw2X2X - Dahuasecurity IPC Hfw2X2X - Dahuasecurity IPC Hdw4X2X - Dahuasecurity IPC Hfw4X2X - Dahuasecurity IPC Hdbw4X2X - Dahuasecurity IPC Hdw5X2X - Dahuasecurity IPC Hfw5X2X -	9

References

https://www.dahuasecurity.com/support/cybersecurity/details/637