Dahuasecurity

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45424 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface.
CVE-2022-45423 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the cr...Show more Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).Show less
CVE-2022-30563 1Dahuasecurity 40Asi7213x T1 Firmware Asi7213x FirmwareAsi7223x A T1 Firmware+37 more Nov 21, 2024 Jun 28, 2022 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
CVE-2022-30562 1Dahuasecurity 40Asi7213x T1 Firmware Asi7213x FirmwareAsi7223x A T1 Firmware+37 more Nov 21, 2024 Jun 28, 2022 N/A· v4 4.7 MEDIUM· v3 4.0 MEDIUM· v2 If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results...Show more If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.Show less
CVE-2022-30561 1Dahuasecurity 40Asi7213x T1 Firmware Asi7213x FirmwareAsi7223x A T1 Firmware+37 more Nov 21, 2024 Jun 28, 2022 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
CVE-2022-30560 1Dahuasecurity 40Asi7213x T1 Firmware Asi7213x FirmwareAsi7223x A T1 Firmware+37 more Nov 21, 2024 Jun 28, 2022 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
CVE-2021-33046 1Dahuasecurity 28Asc2204c Firmware Hcvr7xxx FirmwareHcvr8xxx Firmware+25 more Nov 21, 2024 Jan 13, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
CVE-2021-33045 1Dahuasecurity 18Ipc Hum7xxx Firmware Ipc Hx3xxx FirmwareIpc Hx5xxx Firmware+15 more Jan 13, 2026 Sep 15, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
CVE-2021-33044 1Dahuasecurity 19Ipc Hum7xxx Firmware Ipc Hx3xxx FirmwareIpc Hx5xxx Firmware+16 more Jan 13, 2026 Sep 15, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
CVE-2020-9502 1Dahuasecurity 20Ipc Hdbw1320e W Firmware Ipc Hx2xxx FirmwareIpc Hx5842h Firmware+17 more Nov 21, 2024 May 13, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the devic...Show more Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.Show less
CVE-2020-9501 1Dahuasecurity 1Web P2p Nov 21, 2024 May 13, 2020 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud...Show more Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected.Show less
CVE-2019-9682 1Dahuasecurity 20Ipc Hdbw1320e W Firmware Ipc Hx2xxx FirmwareIpc Hx5842h Firmware+17 more Nov 21, 2024 May 13, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that us...Show more Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.Show less
CVE-2020-9500 1Dahuasecurity 19Ipc Hx2xxx Firmware Ipc Hx5842h FirmwareIpc Hx7842h Firmware+16 more Nov 21, 2024 Apr 9, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
CVE-2020-9499 1Dahuasecurity 19Ipc Hx2xxx Firmware Ipc Hx5842h FirmwareIpc Hx7842h Firmware+16 more Nov 21, 2024 Apr 9, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
CVE-2019-9680 1Dahuasecurity 9Ipc Hdbw4x2x Firmware Ipc Hdw1x2x FirmwareIpc Hdw2x2x Firmware+6 more Nov 21, 2024 Sep 18, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X...Show more Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.Show less
CVE-2019-9679 1Dahuasecurity 9Ipc Hdbw4x2x Firmware Ipc Hdw1x2x FirmwareIpc Hdw2x2x Firmware+6 more Nov 21, 2024 Sep 18, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,...Show more Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.Show less
CVE-2019-9678 1Dahuasecurity 9Ipc Hdbw4x2x Firmware Ipc Hdw1x2x FirmwareIpc Hdw2x2x Firmware+6 more Nov 21, 2024 Sep 18, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2...Show more Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.Show less
CVE-2019-9677 1Dahuasecurity 9Ipc Hdbw4x2x Firmware Ipc Hdw1x2x FirmwareIpc Hdw2x2x Firmware+6 more Nov 21, 2024 Sep 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW...Show more The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.Show less
CVE-2019-9681 1Dahuasecurity 9Ipc Hdbw4x2x Firmware Ipc Hdw1x2x FirmwareIpc Hdw2x2x Firmware+6 more Nov 21, 2024 Sep 17, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-...Show more Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.Show less
CVE-2019-9676 1Dahuasecurity 3Ipc Hdw1xxx Firmware Ipc Hfw1xxx FirmwareIpc Hfw2xxx Firmware Nov 21, 2024 Jun 12, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing inform...Show more Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability.Show less

Previous 123 Next