Dahua Vulnerability Leads to Device Crash
CVE-2024-39947

6.5MEDIUM

Key Information:

Vendor: Dahua
Status: Nvr4xxx
Vendor: CVE Published:; 31 July 2024

What is CVE-2024-39947?

A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.

Affected Version(s)

NVR4XXX NVR4XXX Versions which Build time before 2023/12/13

References

https://www.dahuasecurity.com/aboutUs/trustedCenter/detai...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2024
Vulnerability Reserved
Jul 5, 2024

.