CVE-2019-9682

Published: May 13, 2020Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.

Affected (20)

Products: Dahuasecurity: Sd6al Firmware, Sd5a Firmware, Sd1a Firmware, Ptz1a Firmware, Sd50 Firmware, Sd52c Firmware, Ipc Hx5842h Firmware, Ipc Hx7842h Firmware, Ipc Hx2xxx Firmware, Ipc Hxxx5x4x Firmware, N42b1p Firmware, N42b2p Firmware, N42b3p Firmware, N52a4p Firmware, N54a4p Firmware, N52b2p Firmware, N52b5p Firmware, N52b3p Firmware, N54b2p Firmware, Ipc Hdbw1320e W Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd6al Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Sd6al	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd5a Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Sd5a	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd1a Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Sd1a	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ptz1a Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Ptz1a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd50 Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Sd50	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd52c Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Sd52c	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx5842h Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Ipc Hx5842h	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx7842h Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Ipc Hx7842h	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx2xxx Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Ipc Hx2xxx	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hxxx5x4x Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Ipc Hxxx5x4x	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N42b1p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N42b1p	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N42b2p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N42b2p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N42b3p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N42b3p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N52a4p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N52a4p	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N54a4p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N54a4p	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N52b2p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N52b2p	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N52b5p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N52b5p	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N52b3p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N52b3p	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity N54b2p Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity N54b2p	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdbw1320e W Firmware	Before 2019-12

Running on/with	Platform Versions
Dahuasecurity Ipc Hdbw1320e W	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.dahuasecurity.com/support/cybersecurity/details/767

Source: cybersecurity@dahuatech.com

Vendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/767

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.