Vulnerabilities > CVE-2019-9680 - Unspecified vulnerability in Dahuasecurity products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dahuasecurity

NVD

Published: 2019-09-18

Updated: 2021-07-21

Summary

Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

Vulnerable Configurations

Part	Description	Count
OS	Dahuasecurity Dahuasecurity IPC Hdw1X2X Firmware - Dahuasecurity IPC Hfw1X2X Firmware - Dahuasecurity IPC Hdw2X2X Firmware - Dahuasecurity IPC Hfw2X2X Firmware - Dahuasecurity IPC Hdw4X2X Firmware - Dahuasecurity IPC Hfw4X2X Firmware - Dahuasecurity IPC Hdbw4X2X Firmware - Dahuasecurity IPC Hdw5X2X Firmware - Dahuasecurity IPC Hfw5X2X Firmware -	9
Hardware	Dahuasecurity Dahuasecurity IPC Hdw1X2X - Dahuasecurity IPC Hfw1X2X - Dahuasecurity IPC Hdw2X2X - Dahuasecurity IPC Hfw2X2X - Dahuasecurity IPC Hdw4X2X - Dahuasecurity IPC Hfw4X2X - Dahuasecurity IPC Hdbw4X2X - Dahuasecurity IPC Hdw5X2X - Dahuasecurity IPC Hfw5X2X -	9

References

https://www.dahuasecurity.com/support/cybersecurity/details/637