Buffer Overflow Vulnerability in Dahua Products
CVE-2019-9677

9.8 CRITICAL

What is CVE-2019-9677?

A vulnerability in the CGI interface of Dahua products allows attackers to exploit specific fields that are not properly validated. By crafting malicious packets, an attacker can trigger a buffer overflow, potentially leading to unauthorized access or a complete system compromise. This vulnerability affects various Dahua CCTV camera models with firmware built before August 18, 2019, emphasizing the need for software updates to mitigate associated risks.

Affected Version(s)

IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X: versions with a build time before August 18, 2019

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
