Buffer Overflow Vulnerability in Dahua IP Camera Devices
CVE-2019-9676

7.8HIGH

Key Information:

Vendor: Dahuasecurity
Status: Ipc-hfw1xxx,ipc-hdw1xxx,ipc-hfw2xxx
Vendor: CVE Published:; 12 June 2019

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2019-9676?

A buffer overflow vulnerability has been identified in specific Dahua IP Camera models that could allow attackers to exploit the device after local login. This vulnerability exists in the serial port printing functionality, which is not utilized by the core functions of the device. If successfully exploited, it could lead to unexpected device restarts or even arbitrary code execution. Dahua has taken steps to address this issue through a security audit and has released updated firmware versions that eliminate the affected functionality in newer devices.

Affected Version(s)

IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2019
Vulnerability Reserved
Mar 11, 2019

CVE-2019-9676 Data

JSON