CVE-2019-3948
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.
Affected (12)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.520.ac00.18.r |
| Running on/with | Platform Versions |
|---|---|
Amcrest Ip2m 841b | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 | |
| Before 2018-05-18 |
References (8)
Source: vulnreport@tenable.com
ExploitThird Party AdvisoryVDB Entry
Source: vulnreport@tenable.com
Source: vulnreport@tenable.com
Source: vulnreport@tenable.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Timeline
No history available yet.