Lucene search

DahuaVULNRICHMENT:CVE-2024-39945

HistoryJul 31, 2024 - 3:16 a.m.

CVE-2024-39945

2024-07-3103:16:31

dahua

github.com

dahua products

vulnerability

attacker

crash

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

14.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A vulnerability has been found in Dahua products. After
obtaining the administrator’s username and password, the attacker can send a
carefully crafted data packet to the interface with vulnerabilities, causing
the device to crash.

CNA Affected

[
  {
    "vendor": "Dahua",
    "product": "NVR4XXX",
    "versions": [
      {
        "status": "affected",
        "version": "NVR4XXX Versions which Build time before 2023/12/13"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.dahuasecurity.com/aboutUs/trustedCenter/details/768

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

14.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-39945