Dahua Vulnerability: Attackers Can Initiate Device Initialization
CVE-2024-39950
9.8CRITICAL
What is CVE-2024-39950?
A serious vulnerability in various Dahua security products allows attackers to exploit a flaw related to input validation. By sending meticulously crafted data packets, an attacker can initiate the device initialization process in a manner that may lead to unauthorized access or malfunction of the device. This vulnerability emphasizes the need for stringent security measures and regular updates for users of Dahua products to protect against potential exploitations.
Affected Version(s)
NVR4XXX and IPC-HX8XXX NVR4XXX and IPC-HX8XXX Versions which Build timeĀ before 2024/1/22
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved