Vulnerabilities > Dahuasecurity > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-9502 | Use of Insufficiently Random Values vulnerability in Dahuasecurity products Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. | 7.5 |
| 2019-09-18 | CVE-2019-9677 | Classic Buffer Overflow vulnerability in Dahuasecurity products The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. | 7.5 |
| 2019-06-12 | CVE-2019-9676 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dahuasecurity products Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. | 7.2 |
| 2018-07-24 | CVE-2017-3223 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dahuasecurity IP Camera Firmware Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. | 7.5 |
| 2017-05-06 | CVE-2017-7927 | Use of Hard-coded Credentials vulnerability in Dahuasecurity products A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. | 7.5 |
| 2014-07-11 | CVE-2013-6117 | Improper Authentication vulnerability in Dahuasecurity DVR Firmware 2.608.0000.0/2.608.Gv00.0 Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. | 7.5 |
| 2013-09-17 | CVE-2013-3615 | Credentials Management vulnerability in Dahuasecurity products Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. | 7.8 |
| 2013-09-17 | CVE-2013-3613 | Improper Authentication vulnerability in Dahuasecurity products Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | 7.8 |