CVE-2019-9678

moderate-risk
Published 2019-09-18

Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

Do I need to act?

-
0.54% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (9)

Ipc-Hdw1X2X Firmware
Ipc-Hfw1X2X Firmware
Ipc-Hdw2X2X Firmware
Ipc-Hfw2X2X Firmware
Ipc-Hdw4X2X Firmware
Ipc-Hfw4X2X Firmware
Ipc-Hdbw4X2X Firmware
Ipc-Hdw5X2X Firmware
Ipc-Hfw5X2X Firmware

Affected Vendors

Dahuasecurity

References (2)

Patch https://www.dahuasecurity.com/support/cybersecurity/details/637
Patch https://www.dahuasecurity.com/support/cybersecurity/details/637
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 15/34 · Moderate