21 matches found
Dahua IPC和Dahua SD 安全漏洞
Dahua IPC and Dahua SD are both products of Dahua, a Chinese company.Dahua IPC is a series of industrial controllers from Dahua.Dahua SD is a series of PTZ dome cameras. A security vulnerability exists in the Dahua IPC and Dahua SD. The vulnerability originates from a third-party malicious attack...
EUVD-2017-15403
Malware in sbrugna...
Dahua Security Network Video Recorders Improper Input Validation (CVE-2024-39948)
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Dahua Security NVR NVR50XX, NVR52XX, NVR54XX, and NVR58XX Improper Authentication (CVE-2017-9314)
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DHNVR5xxxEngPV2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. This plugin only works with...
Dahua Security Network Video Recorders Improper Input Validation (CVE-2024-39949)
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Dahua Security Network Video Recorders Improper Input Validation (CVE-2024-39945)
A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash. This plugin only works with Tenable.ot. Please visit...
Dahua Security Network Video Recorders Improper Input Validation (CVE-2024-39946)
A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization. This plugin only works with Tenable.ot. Please visit...
Dahua Security Digital Video Recorders Credentials Management Errors (CVE-2013-3612)
Dahua DVR appliances have a hardcoded password for 1 the root account and 2 an unspecified backdoor account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving a ActiveX, b a standalone client, or c unknown other vectors. This plugin on...
Dahua Security Network Video Recorders Improper Input Validation (CVE-2024-39947)
A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash. This plugin only works with Tenable.ot. Please visit...
Dahua Security Digital Video Recorders Permissions, Privileges, and Access Controls (CVE-2013-5754)
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving 1 ActiveX, 2 a...
Dahua Security Multiple Products Improper Input Validation (CVE-2024-39944)
A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEV...
Dahua Security Multiple Products Improper Input Validation (CVE-2024-39950)
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Dahua Security Cameras Allocation of Resources Without Limits or Throttling (CVE-2020-9500)
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...
Dahua Security Cameras Improper Authentication (CVE-2021-33045)
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...
Dahua Security Cameras Weak Password Recovery Mechanism for Forgotten Password (CVE-2017-9315)
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by...
Dahua ASI7213X-T1 Unrestricted Upload of File with Dangerous Type (CVE-2022-30560)
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. This plugin only works with Tenable.ot. Please visit...
Dahua ASI7213X-T1 Generation of Error Message Containing Sensitive Information (CVE-2022-30562)
If the user enables the https function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. This plugin only works wit...
Dahua Security Cameras Unauthorized device timestamp modification (CVE-2022-30564)
Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. This plugin only works with Tenable.ot. Please visit...
Dahua Security Cameras Use of Insufficiently Random Values (CVE-2020-9502)
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. This plugin only works with Tenable.ot. Please visit...
Dahua Security Cameras Cleartext Storage of Sensitive Information (CVE-2019-9681)
Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC- HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-...