Dahua Products Vulnerability Allows Remote Code Execution
CVE-2024-39946

6MEDIUM

Key Information:

Vendor: Dahua
Status: Nvr4xxx
Vendor: CVE Published:; 31 July 2024

What is CVE-2024-39946?

A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.

Affected Version(s)

NVR4XXX NVR4XXX Versions which Build time before 2023/12/13

References

https://www.dahuasecurity.com/aboutUs/trustedCenter/detai...

CVSS V3.1

Score:

6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2024
Vulnerability Reserved
Jul 5, 2024

.