CVE-2019-9680
Last modified
CVE-2019-9680 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. EPSS estimates a 1.44% chance of exploitation in the next 30 days.
Description
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Ipc-Hdw1x2x Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hfw1x2x Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdw2x2x Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hfw2x2x Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdw4x2x Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hfw4x2x Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdbw4x2x Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdw5x2x Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hfw5x2x Firmware | < 2019-08-18 |
References
- https://www.dahuasecurity.com/support/cybersecurity/details/637Patch, Vendor Advisory
- https://www.dahuasecurity.com/support/cybersecurity/details/637Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-9680?
How severe is CVE-2019-9680?
How do I fix CVE-2019-9680?
Are you affected by CVE-2019-9680?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST