Dahua Products Vulnerable to Crashing Attacks
CVE-2024-39944

7.5HIGH

Key Information:

Vendor: Dahua
Status: Ipc-hx8xxx And Nvr4xxx
Vendor: CVE Published:; 31 July 2024

What is CVE-2024-39944?

A vulnerability exists within Dahua Security Devices that compromises data packet handling. This flaw allows attackers to send specially crafted data packets to the devices, potentially leading to a crash or failure in operations. The exploitation of this vulnerability raises serious concerns regarding the security and reliability of affected Dahua products. Users of Dahua's NVRs and IP Cameras are urged to monitor their systems for abnormal behavior and apply any recommended security updates to mitigate the potential risks associated with this vulnerability.

Affected Version(s)

IPC-HX8XXX and NVR4XXX IPC-HX8XXX and NVR4XXX Versions which Build time before 2024/2/2

References

https://www.dahuasecurity.com/aboutUs/trustedCenter/detai...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2024
Vulnerability Reserved
Jul 5, 2024