Dahua Vulnerability: Attackers Can Initiate Device Initialization
CVE-2024-39950

9.8CRITICAL

Key Information:

Vendor: Dahua
Status: Nvr4xxx And Ipc-hx8xxx
Vendor: CVE Published:; 31 July 2024

What is CVE-2024-39950?

A serious vulnerability in various Dahua security products allows attackers to exploit a flaw related to input validation. By sending meticulously crafted data packets, an attacker can initiate the device initialization process in a manner that may lead to unauthorized access or malfunction of the device. This vulnerability emphasizes the need for stringent security measures and regular updates for users of Dahua products to protect against potential exploitations.

Affected Version(s)

NVR4XXX and IPC-HX8XXX NVR4XXX and IPC-HX8XXX Versions which Build time before 2024/1/22

References

https://www.dahuasecurity.com/aboutUs/trustedCenter/detai...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2024
Vulnerability Reserved
Jul 5, 2024