Lucene search

DahuaCVELIST:CVE-2024-39947

HistoryJul 31, 2024 - 3:22 a.m.

CVE-2024-39947

2024-07-3103:22:09

dahua

www.cve.org

dahua products

vulnerability

attacker

crafted data packet

device crash

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.0%

JSON

A vulnerability has been found in Dahua products.After obtaining the ordinary user’s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVR4XXX",
    "vendor": "Dahua",
    "versions": [
      {
        "status": "affected",
        "version": "NVR4XXX Versions which Build time before 2023/12/13"
      }
    ]
  }
]

References

www.dahuasecurity.com/aboutUs/trustedCenter/details/768

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

14.0%

JSON

Related for CVELIST:CVE-2024-39947