Lucene search

[email protected]CVE-2019-9682

HistoryMay 13, 2020 - 4:15 p.m.

CVE-2019-9682

2020-05-1316:15:00

CWE-276

[email protected]

web.nvd.nist.gov

cve-2019-9682

dahua devices

security login

network attack

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.2%

JSON

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.

CPENameOperatorVersion
dahuasecurity:sd6al_firmwaredahuasecurity sd6al firmwarelt2019-12
dahuasecurity:sd5a_firmwaredahuasecurity sd5a firmwarelt2019-12
dahuasecurity:sd1a_firmwaredahuasecurity sd1a firmwarelt2019-12
dahuasecurity:ptz1a_firmwaredahuasecurity ptz1a firmwarelt2019-12
dahuasecurity:sd50_firmwaredahuasecurity sd50 firmwarelt2019-12
dahuasecurity:sd52c_firmwaredahuasecurity sd52c firmwarelt2019-12
dahuasecurity:ipc-hx5842h_firmwaredahuasecurity ipc-hx5842h firmwarelt2019-12
dahuasecurity:ipc-hx7842h_firmwaredahuasecurity ipc-hx7842h firmwarelt2019-12
dahuasecurity:ipc-hx2xxx_firmwaredahuasecurity ipc-hx2xxx firmwarelt2019-12
dahuasecurity:ipc-hxxx5x4x_firmwaredahuasecurity ipc-hxxx5x4x firmwarelt2019-12

CPE	Name	Operator	Version
dahuasecurity:sd6al_firmware	dahuasecurity sd6al firmware	lt	2019-12
dahuasecurity:sd5a_firmware	dahuasecurity sd5a firmware	lt	2019-12
dahuasecurity:sd1a_firmware	dahuasecurity sd1a firmware	lt	2019-12
dahuasecurity:ptz1a_firmware	dahuasecurity ptz1a firmware	lt	2019-12
dahuasecurity:sd50_firmware	dahuasecurity sd50 firmware	lt	2019-12
dahuasecurity:sd52c_firmware	dahuasecurity sd52c firmware	lt	2019-12
dahuasecurity:ipc-hx5842h_firmware	dahuasecurity ipc-hx5842h firmware	lt	2019-12
dahuasecurity:ipc-hx7842h_firmware	dahuasecurity ipc-hx7842h firmware	lt	2019-12
dahuasecurity:ipc-hx2xxx_firmware	dahuasecurity ipc-hx2xxx firmware	lt	2019-12
dahuasecurity:ipc-hxxx5x4x_firmware	dahuasecurity ipc-hxxx5x4x firmware	lt	2019-12

Rows per page:

1-10 of 201

References

www.dahuasecurity.com/support/cybersecurity/details/767

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.2%

JSON

Related for CVE-2019-9682

prion1