Lucene search

DahuaCVELIST:CVE-2024-39945

HistoryJul 31, 2024 - 3:16 a.m.

CVE-2024-39945

2024-07-3103:16:31

dahua

www.cve.org

vulnerability

dahua

attacker

crash

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.0%

JSON

A vulnerability has been found in Dahua products. After
obtaining the administrator’s username and password, the attacker can send a
carefully crafted data packet to the interface with vulnerabilities, causing
the device to crash.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVR4XXX",
    "vendor": "Dahua",
    "versions": [
      {
        "status": "affected",
        "version": "NVR4XXX Versions which Build time before 2023/12/13"
      }
    ]
  }
]

References

www.dahuasecurity.com/aboutUs/trustedCenter/details/768

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.0%

JSON

Related for CVELIST:CVE-2024-39945