Denial of Service Vulnerability in Dahua Security Products
CVE-2019-9678

7.5HIGH

Key Information:

Vendor: Dahua Technology
Status: Ipc-hdw1x2x,ipc-hfw1x2x,ipc-hdw2x2x,ipc-hfw2x2x,ipc-hdw4x2x,ipc-hfw4x2x,ipc-hdbw4x2x,ipc-hdw5x2x,ipc-hfw5x2x
Vendor: CVE Published:; 18 September 2019

🔔 Create Dahua Technology Vulnerability Alert

What is CVE-2019-9678?

Certain Dahua security products are susceptible to a denial of service condition during the login phase. An attacker can exploit this vulnerability by sending crafted malicious packets, leading to device crashes. This issue impacts specific models built prior to August 18, 2019, including various IPC-HDW and IPC-HFW series. It's crucial for users to apply the necessary security measures to mitigate potential risks.

Affected Version(s)

IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X Versions which Build time before August 18 2019

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2019
Vulnerability Reserved
Mar 11, 2019