CVE-2019-9677

Published: Sep 18, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

Affected (9)

Products: Dahuasecurity: Ipc Hdw1x2x Firmware, Ipc Hfw1x2x Firmware, Ipc Hdw2x2x Firmware, Ipc Hfw2x2x Firmware, Ipc Hdw4x2x Firmware, Ipc Hfw4x2x Firmware, Ipc Hdbw4x2x Firmware, Ipc Hdw5x2x Firmware, Ipc Hfw5x2x Firmware

9 products

Ipc Hdbw4x2x Firmware

Ipc Hdw5x2x Firmware

Ipc Hfw5x2x Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdw1x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hdw1x2x	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hfw1x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hfw1x2x	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdw2x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hdw2x2x	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hfw2x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hfw2x2x	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdw4x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hdw4x2x	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hfw4x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hfw4x2x	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdbw4x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hdbw4x2x	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdw5x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hdw5x2x	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hfw5x2x Firmware	Before 2019-08-18

Running on/with	Platform Versions
Dahuasecurity Ipc Hfw5x2x	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.dahuasecurity.com/support/cybersecurity/details/637

Source: cybersecurity@dahuatech.com

PatchVendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/637

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.