Vulnerabilities > Dahuasecurity

DATE CVE VULNERABILITY TITLE RISK
2020-05-13 CVE-2020-9502 USE of Insufficiently Random Values vulnerability in Dahuasecurity products
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities.
network
low complexity
dahuasecurity CWE-330
7.5
2020-05-13 CVE-2020-9501 Information Exposure vulnerability in Dahuasecurity web P2P
Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways.
local
low complexity
dahuasecurity CWE-200
2.1
2020-05-13 CVE-2019-9682 Incorrect Default Permissions vulnerability in Dahuasecurity products
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control.
6.8
2019-09-18 CVE-2019-9680 Information Exposure vulnerability in Dahuasecurity products
Some Dahua products have information leakage issues.
network
low complexity
dahuasecurity CWE-200
5.0
2019-09-18 CVE-2019-9679 Incorrect Default Permissions vulnerability in Dahuasecurity products
Some of Dahua's Debug functions do not have permission separation.
network
low complexity
dahuasecurity CWE-276
6.5
2019-09-18 CVE-2019-9678 Improper Input Validation vulnerability in Dahuasecurity products
Some Dahua products have the problem of denial of service during the login process.
network
low complexity
dahuasecurity CWE-20
5.0
2019-09-18 CVE-2019-9677 Classic Buffer Overflow vulnerability in Dahuasecurity products
The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets.
network
low complexity
dahuasecurity CWE-120
7.5
2019-09-17 CVE-2019-9681 Missing Encryption of Sensitive Data vulnerability in Dahuasecurity products
Online upgrade information in some firmware packages of Dahua products is not encrypted.
network
low complexity
dahuasecurity CWE-311
5.0
2019-06-12 CVE-2019-9676 Buffer Errors vulnerability in Dahuasecurity products
Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11.
local
low complexity
dahuasecurity CWE-119
7.2
2018-07-24 CVE-2017-3223 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Dahuasecurity IP Camera Firmware
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow.
network
low complexity
dahuasecurity CWE-119
7.5