Vulnerabilities > Dahuasecurity > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-28 | CVE-2022-30562 | Open Redirect vulnerability in Dahuasecurity products If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | 4.0 |
| 2022-06-28 | CVE-2022-30563 | Unspecified vulnerability in Dahuasecurity products When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet. network dahuasecurity | 5.8 |
| 2020-05-13 | CVE-2019-9682 | Incorrect Default Permissions vulnerability in Dahuasecurity products Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. | 6.8 |
| 2020-04-09 | CVE-2020-9500 | Improper Input Validation vulnerability in Dahuasecurity products Some products of Dahua have Denial of Service vulnerabilities. | 4.0 |
| 2020-04-09 | CVE-2020-9499 | Classic Buffer Overflow vulnerability in Dahuasecurity products Some Dahua products have buffer overflow vulnerabilities. | 6.5 |
| 2019-09-18 | CVE-2019-9680 | Information Exposure vulnerability in Dahuasecurity products Some Dahua products have information leakage issues. | 5.0 |
| 2019-09-18 | CVE-2019-9679 | Incorrect Default Permissions vulnerability in Dahuasecurity products Some of Dahua's Debug functions do not have permission separation. | 6.5 |
| 2019-09-18 | CVE-2019-9678 | Improper Input Validation vulnerability in Dahuasecurity products Some Dahua products have the problem of denial of service during the login process. | 5.0 |
| 2019-09-17 | CVE-2019-9681 | Missing Encryption of Sensitive Data vulnerability in Dahuasecurity products Online upgrade information in some firmware packages of Dahua products is not encrypted. | 5.0 |
| 2018-05-23 | CVE-2017-9317 | Unspecified vulnerability in Dahuasecurity products Privilege escalation vulnerability found in some Dahua IP devices. | 4.0 |