CVE-2019-9679

moderate-risk
Published 2019-09-18

Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (9)

Ipc-Hdw1X2X Firmware
Ipc-Hfw1X2X Firmware
Ipc-Hdw2X2X Firmware
Ipc-Hfw2X2X Firmware
Ipc-Hdw4X2X Firmware
Ipc-Hfw4X2X Firmware
Ipc-Hdbw4X2X Firmware
Ipc-Hdw5X2X Firmware
Ipc-Hfw5X2X Firmware

Affected Vendors

Dahuasecurity

References (2)

Patch https://www.dahuasecurity.com/support/cybersecurity/details/637
Patch https://www.dahuasecurity.com/support/cybersecurity/details/637
46
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 15/34 · Moderate