Vulnerabilities > Dahuasecurity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-18 | CVE-2019-9677 | Classic Buffer Overflow vulnerability in Dahuasecurity products The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. | 7.5 |
| 2019-09-17 | CVE-2019-9681 | Missing Encryption of Sensitive Data vulnerability in Dahuasecurity products Online upgrade information in some firmware packages of Dahua products is not encrypted. | 5.0 |
| 2019-06-12 | CVE-2019-9676 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dahuasecurity products Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. | 7.2 |
| 2018-07-24 | CVE-2017-3223 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dahuasecurity IP Camera Firmware Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. | 7.5 |
| 2018-05-23 | CVE-2017-9317 | Unspecified vulnerability in Dahuasecurity products Privilege escalation vulnerability found in some Dahua IP devices. | 4.0 |
| 2017-11-28 | CVE-2017-9315 | Unspecified vulnerability in Dahuasecurity products Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. | 5.0 |
| 2017-11-27 | CVE-2017-9316 | Improper Authentication vulnerability in Dahuasecurity products Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. | 5.8 |
| 2017-11-13 | CVE-2017-9314 | Improper Authentication vulnerability in Dahuasecurity products Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. | 6.5 |
| 2017-05-06 | CVE-2017-7927 | Use of Hard-coded Credentials vulnerability in Dahuasecurity products A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. | 7.5 |
| 2017-05-06 | CVE-2017-7925 | Insufficiently Protected Credentials vulnerability in Dahuasecurity products A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. | 5.0 |