MidnightBSD

Advisories for dahuasecurity

CVE-2013-3612 HIGH

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
dahuasecurity dvr2104he -
dahuasecurity dvr2116he -
dahuasecurity dvr0404hd-u -
dahuasecurity dvr5208l -
dahuasecurity dvr0804hd-l -
dahuasecurity dvr0804hd-s -
dahuasecurity dvr5108he -
dahuasecurity dvr0404hf-al-e -
dahuasecurity dvr0804hf-al-e -
dahuasecurity dvr5416 -
dahuasecurity dvr2404lf-al -
dahuasecurity dvr5108c -
dahuasecurity dvr1604hf-al-e -
dahuasecurity dvr3204lf-s -
dahuasecurity dvr5116c -
dahuasecurity dvr2116h -
dahuasecurity dvr2108h -
dahuasecurity dvr3232l -
dahuasecurity dvr2104c -
dahuasecurity dvr2116hc -
dahuasecurity dvr1604hf-u-e -
dahuasecurity dvr5204l -
dahuasecurity dvr2404lf-s -
dahuasecurity dvr0404hf-u-e -
dahuasecurity dvr0804hf-u-e -
dahuasecurity dvr2108he -
dahuasecurity dvr0804hf-s-e -
dahuasecurity dvr2404hf-s -
dahuasecurity dvr2108hc -
dahuasecurity dvr3224l -
dahuasecurity dvr5408 -
dahuasecurity dvr5804 -
dahuasecurity dvr0404hd-s -
dahuasecurity dvr2108c -
dahuasecurity dvr1604hd-l -
dahuasecurity dvr1604hf-a-e -
dahuasecurity dvr1604hf-l-e -
dahuasecurity dvr0404hd-a -
dahuasecurity dvr1604hf-s-e -
dahuasecurity dvr5116h -
dahuasecurity dvr5216a -
dahuasecurity dvr5808 -
dahuasecurity dvr2104h -
dahuasecurity dvr5104h -
dahuasecurity dvr0404hf-a-e -
dahuasecurity dvr0804hf-l-e -
dahuasecurity dvr5104he -
dahuasecurity dvr0404hd-l -
dahuasecurity dvr2104hc -
dahuasecurity dvr0804 -
dahuasecurity dvr5108h -
dahuasecurity dvr6404lf-s -
dahuasecurity dvr5104c -
dahuasecurity dvr0804hf-a-e -
dahuasecurity dvr5204a -
dahuasecurity dvr5404 -
dahuasecurity dvr3204hf-s -
dahuasecurity dvr1604hd-s -
dahuasecurity dvr5216l -
dahuasecurity dvr0404hf-s-e -
dahuasecurity dvr5208a -
dahuasecurity dvr3204lf-al -
dahuasecurity dvr2116c -
dahuasecurity dvr5116he -
dahuasecurity dvr5816 -
CVE-2013-3613 HIGH

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dahuasecurity dvr2104he -
dahuasecurity dvr2116he -
dahuasecurity dvr0404hd-u -
dahuasecurity dvr5208l -
dahuasecurity dvr0804hd-l -
dahuasecurity dvr0804hd-s -
dahuasecurity dvr5108he -
dahuasecurity dvr0404hf-al-e -
dahuasecurity dvr0804hf-al-e -
dahuasecurity dvr5416 -
dahuasecurity dvr2404lf-al -
dahuasecurity dvr5108c -
dahuasecurity dvr1604hf-al-e -
dahuasecurity dvr3204lf-s -
dahuasecurity dvr5116c -
dahuasecurity dvr2116h -
dahuasecurity dvr2108h -
dahuasecurity dvr3232l -
dahuasecurity dvr2104c -
dahuasecurity dvr2116hc -
dahuasecurity dvr1604hf-u-e -
dahuasecurity dvr5204l -
dahuasecurity dvr2404lf-s -
dahuasecurity dvr0404hf-u-e -
dahuasecurity dvr0804hf-u-e -
dahuasecurity dvr2108he -
dahuasecurity dvr0804hf-s-e -
dahuasecurity dvr2404hf-s -
dahuasecurity dvr2108hc -
dahuasecurity dvr3224l -
dahuasecurity dvr5408 -
dahuasecurity dvr5804 -
dahuasecurity dvr0404hd-s -
dahuasecurity dvr2108c -
dahuasecurity dvr1604hd-l -
dahuasecurity dvr1604hf-a-e -
dahuasecurity dvr1604hf-l-e -
dahuasecurity dvr0404hd-a -
dahuasecurity dvr1604hf-s-e -
dahuasecurity dvr5116h -
dahuasecurity dvr5216a -
dahuasecurity dvr5808 -
dahuasecurity dvr2104h -
dahuasecurity dvr5104h -
dahuasecurity dvr0404hf-a-e -
dahuasecurity dvr0804hf-l-e -
dahuasecurity dvr5104he -
dahuasecurity dvr0404hd-l -
dahuasecurity dvr2104hc -
dahuasecurity dvr0804 -
dahuasecurity dvr5108h -
dahuasecurity dvr6404lf-s -
dahuasecurity dvr5104c -
dahuasecurity dvr0804hf-a-e -
dahuasecurity dvr5204a -
dahuasecurity dvr5404 -
dahuasecurity dvr3204hf-s -
dahuasecurity dvr1604hd-s -
dahuasecurity dvr5216l -
dahuasecurity dvr0404hf-s-e -
dahuasecurity dvr5208a -
dahuasecurity dvr3204lf-al -
dahuasecurity dvr2116c -
dahuasecurity dvr5116he -
dahuasecurity dvr5816 -
CVE-2013-3614 HIGH

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dahuasecurity dvr2104he -
dahuasecurity dvr2116he -
dahuasecurity dvr0404hd-u -
dahuasecurity dvr5208l -
dahuasecurity dvr0804hd-l -
dahuasecurity dvr0804hd-s -
dahuasecurity dvr5108he -
dahuasecurity dvr0404hf-al-e -
dahuasecurity dvr0804hf-al-e -
dahuasecurity dvr5416 -
dahuasecurity dvr2404lf-al -
dahuasecurity dvr5108c -
dahuasecurity dvr1604hf-al-e -
dahuasecurity dvr3204lf-s -
dahuasecurity dvr5116c -
dahuasecurity dvr2116h -
dahuasecurity dvr2108h -
dahuasecurity dvr3232l -
dahuasecurity dvr2104c -
dahuasecurity dvr2116hc -
dahuasecurity dvr1604hf-u-e -
dahuasecurity dvr5204l -
dahuasecurity dvr2404lf-s -
dahuasecurity dvr0404hf-u-e -
dahuasecurity dvr0804hf-u-e -
dahuasecurity dvr2108he -
dahuasecurity dvr0804hf-s-e -
dahuasecurity dvr2404hf-s -
dahuasecurity dvr2108hc -
dahuasecurity dvr3224l -
dahuasecurity dvr5408 -
dahuasecurity dvr5804 -
dahuasecurity dvr0404hd-s -
dahuasecurity dvr2108c -
dahuasecurity dvr1604hd-l -
dahuasecurity dvr1604hf-a-e -
dahuasecurity dvr1604hf-l-e -
dahuasecurity dvr0404hd-a -
dahuasecurity dvr1604hf-s-e -
dahuasecurity dvr5116h -
dahuasecurity dvr5216a -
dahuasecurity dvr5808 -
dahuasecurity dvr2104h -
dahuasecurity dvr5104h -
dahuasecurity dvr0404hf-a-e -
dahuasecurity dvr0804hf-l-e -
dahuasecurity dvr5104he -
dahuasecurity dvr0404hd-l -
dahuasecurity dvr2104hc -
dahuasecurity dvr0804 -
dahuasecurity dvr5108h -
dahuasecurity dvr6404lf-s -
dahuasecurity dvr5104c -
dahuasecurity dvr0804hf-a-e -
dahuasecurity dvr5204a -
dahuasecurity dvr5404 -
dahuasecurity dvr3204hf-s -
dahuasecurity dvr1604hd-s -
dahuasecurity dvr5216l -
dahuasecurity dvr0404hf-s-e -
dahuasecurity dvr5208a -
dahuasecurity dvr3204lf-al -
dahuasecurity dvr2116c -
dahuasecurity dvr5116he -
dahuasecurity dvr5816 -
CVE-2013-3615 HIGH

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
dahuasecurity dvr2104he -
dahuasecurity dvr2116he -
dahuasecurity dvr0404hd-u -
dahuasecurity dvr5208l -
dahuasecurity dvr0804hd-l -
dahuasecurity dvr0804hd-s -
dahuasecurity dvr5108he -
dahuasecurity dvr0404hf-al-e -
dahuasecurity dvr0804hf-al-e -
dahuasecurity dvr5416 -
dahuasecurity dvr2404lf-al -
dahuasecurity dvr5108c -
dahuasecurity dvr1604hf-al-e -
dahuasecurity dvr3204lf-s -
dahuasecurity dvr5116c -
dahuasecurity dvr2116h -
dahuasecurity dvr2108h -
dahuasecurity dvr3232l -
dahuasecurity dvr2104c -
dahuasecurity dvr2116hc -
dahuasecurity dvr1604hf-u-e -
dahuasecurity dvr5204l -
dahuasecurity dvr2404lf-s -
dahuasecurity dvr0404hf-u-e -
dahuasecurity dvr0804hf-u-e -
dahuasecurity dvr2108he -
dahuasecurity dvr0804hf-s-e -
dahuasecurity dvr2404hf-s -
dahuasecurity dvr2108hc -
dahuasecurity dvr3224l -
dahuasecurity dvr5408 -
dahuasecurity dvr5804 -
dahuasecurity dvr0404hd-s -
dahuasecurity dvr2108c -
dahuasecurity dvr1604hd-l -
dahuasecurity dvr1604hf-a-e -
dahuasecurity dvr1604hf-l-e -
dahuasecurity dvr0404hd-a -
dahuasecurity dvr1604hf-s-e -
dahuasecurity dvr5116h -
dahuasecurity dvr5216a -
dahuasecurity dvr5808 -
dahuasecurity dvr2104h -
dahuasecurity dvr5104h -
dahuasecurity dvr0404hf-a-e -
dahuasecurity dvr0804hf-l-e -
dahuasecurity dvr5104he -
dahuasecurity dvr0404hd-l -
dahuasecurity dvr2104hc -
dahuasecurity dvr0804 -
dahuasecurity dvr5108h -
dahuasecurity dvr6404lf-s -
dahuasecurity dvr5104c -
dahuasecurity dvr0804hf-a-e -
dahuasecurity dvr5204a -
dahuasecurity dvr5404 -
dahuasecurity dvr3204hf-s -
dahuasecurity dvr1604hd-s -
dahuasecurity dvr5216l -
dahuasecurity dvr0404hf-s-e -
dahuasecurity dvr5208a -
dahuasecurity dvr3204lf-al -
dahuasecurity dvr2116c -
dahuasecurity dvr5116he -
dahuasecurity dvr5816 -
CVE-2013-5754 HIGH

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
dahuasecurity dvr2104he -
dahuasecurity dvr2116he -
dahuasecurity dvr0404hd-u -
dahuasecurity dvr5208l -
dahuasecurity dvr0804hd-l -
dahuasecurity dvr0804hd-s -
dahuasecurity dvr5108he -
dahuasecurity dvr0404hf-al-e -
dahuasecurity dvr0804hf-al-e -
dahuasecurity dvr5416 -
dahuasecurity dvr2404lf-al -
dahuasecurity dvr5108c -
dahuasecurity dvr1604hf-al-e -
dahuasecurity dvr3204lf-s -
dahuasecurity dvr5116c -
dahuasecurity dvr2116h -
dahuasecurity dvr2108h -
dahuasecurity dvr3232l -
dahuasecurity dvr2104c -
dahuasecurity dvr2116hc -
dahuasecurity dvr1604hf-u-e -
dahuasecurity dvr5204l -
dahuasecurity dvr2404lf-s -
dahuasecurity dvr0404hf-u-e -
dahuasecurity dvr0804hf-u-e -
dahuasecurity dvr2108he -
dahuasecurity dvr0804hf-s-e -
dahuasecurity dvr2404hf-s -
dahuasecurity dvr2108hc -
dahuasecurity dvr3224l -
dahuasecurity dvr5408 -
dahuasecurity dvr5804 -
dahuasecurity dvr0404hd-s -
dahuasecurity dvr2108c -
dahuasecurity dvr1604hd-l -
dahuasecurity dvr1604hf-a-e -
dahuasecurity dvr1604hf-l-e -
dahuasecurity dvr0404hd-a -
dahuasecurity dvr1604hf-s-e -
dahuasecurity dvr5116h -
dahuasecurity dvr5216a -
dahuasecurity dvr5808 -
dahuasecurity dvr2104h -
dahuasecurity dvr5104h -
dahuasecurity dvr0404hf-a-e -
dahuasecurity dvr0804hf-l-e -
dahuasecurity dvr5104he -
dahuasecurity dvr0404hd-l -
dahuasecurity dvr2104hc -
dahuasecurity dvr0804 -
dahuasecurity dvr5108h -
dahuasecurity dvr6404lf-s -
dahuasecurity dvr5104c -
dahuasecurity dvr0804hf-a-e -
dahuasecurity dvr5204a -
dahuasecurity dvr5404 -
dahuasecurity dvr3204hf-s -
dahuasecurity dvr1604hd-s -
dahuasecurity dvr5216l -
dahuasecurity dvr0404hf-s-e -
dahuasecurity dvr5208a -
dahuasecurity dvr3204lf-al -
dahuasecurity dvr2116c -
dahuasecurity dvr5116he -
dahuasecurity dvr5816 -
CVE-2013-6117 HIGH

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dahuasecurity dvr_firmware 2.608.gv00.0
dahuasecurity dvr_firmware 2.608.0000.0
CVE-2017-3223 HIGH

Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
dahuasecurity ip_camera_firmware *
CVE-2017-6341 MEDIUM

Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
dahuasecurity smartpss_firmware 1.16.1
dahuasecurity nvr_firmware 3.210.0001.10
dahuasecurity camera_firmware 2.400.0000.28.r
CVE-2017-6342 HIGH

An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
dahuasecurity smartpss_firmware 1.16.1
dahuasecurity nvr_firmware 3.210.0001.10
dahuasecurity camera_firmware 2.400.0000.28.r
CVE-2017-6343 HIGH

The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dahuasecurity smartpss_firmware 1.16.1
dahuasecurity nvr_firmware 3.210.0001.10
dahuasecurity camera_firmware 2.400.0000.28.r
CVE-2017-6432 HIGH

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,

Products Affected

Vendor Product Version
dahuasecurity nvr_firmware 3.210.0001.10
CVE-2017-7253 HIGH

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-922,

Products Affected

Vendor Product Version
dahuasecurity ip_camera_firmware 3.200.0001.6
CVE-2017-7925 MEDIUM

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-260,CWE-522,

Products Affected

Vendor Product Version
dahuasecurity dh-ipc-hdbw23a0rn-zs_firmware -
dahuasecurity dh-ipc-hdbw13a0sn_firmware -
dahuasecurity dh-ipc-hdw4xxx_firmware -
dahuasecurity dhi-hcvr51a04he-s3_firmware -
dahuasecurity dh-sd6cxx_firmware -
dahuasecurity dh-ipc-hfw4xxx_firmware -
dahuasecurity dh-ipc-hdw1xxx_firmware -
dahuasecurity dh-ipc-hfw1xxx_firmware -
dahuasecurity dh-hcvr5xxx_firmware -
dahuasecurity dh-ipc-hfw2xxx_firmware -
dahuasecurity dh-nvr1xxx_firmware -
dahuasecurity dhi-hcvr51a08he-s3_firmware -
dahuasecurity dh-hcvr4xxx_firmware -
dahuasecurity dhi-hcvr58a32s-s2_firmware -
dahuasecurity dh-ipc-hdw2xxx_firmware -
CVE-2017-7927 HIGH

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-836,CWE-798,

Products Affected

Vendor Product Version
dahuasecurity dh-ipc-hdbw23a0rn-zs_firmware -
dahuasecurity dh-ipc-hdbw13a0sn_firmware -
dahuasecurity dh-ipc-hdw4xxx_firmware -
dahuasecurity dhi-hcvr51a04he-s3_firmware -
dahuasecurity dh-sd6cxx_firmware -
dahuasecurity dh-ipc-hfw4xxx_firmware -
dahuasecurity dh-ipc-hdw1xxx_firmware -
dahuasecurity dh-ipc-hfw1xxx_firmware -
dahuasecurity dh-hcvr5xxx_firmware -
dahuasecurity dh-ipc-hfw2xxx_firmware -
dahuasecurity dh-nvr1xxx_firmware -
dahuasecurity dhi-hcvr51a08he-s3_firmware -
dahuasecurity dh-hcvr4xxx_firmware -
dahuasecurity dhi-hcvr58a32s-s2_firmware -
dahuasecurity dh-ipc-hdw2xxx_firmware -
CVE-2017-9314 MEDIUM

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dahuasecurity nvr5216-16p-4ks2_firmware *
dahuasecurity nvr5232-4ks2_firmware *
dahuasecurity nvr5416-4ks2_firmware *
dahuasecurity nvr5216-4ks2_firmware *
dahuasecurity nvr5864-4ks2_firmware *
dahuasecurity nvr5464-4ks2_firmware *
dahuasecurity nvr5208-8p-4ks2_firmware *
dahuasecurity nvr5832-4ks2_firmware *
dahuasecurity nvr5832-16p-4ks2_firmware *
dahuasecurity nvr5224-24p-4ks2_firmware *
dahuasecurity nvr5232-16p-4ks2_firmware *
dahuasecurity nvr5816-16p-4ks2_firmware *
dahuasecurity nvr5816-4ks2_firmware *
dahuasecurity nvr5416-16p-4ks2_firmware *
dahuasecurity nvr5208-4ks2_firmware *
dahuasecurity nvr5464-16p-4ks2_firmware *
dahuasecurity nvr5432-16p-4ks2_firmware *
dahuasecurity nvr5216-8p-4ks2_firmware *
dahuasecurity nvr5864-16p-4ks2_firmware *
dahuasecurity nvr5432-4ks2_firmware *
dahuasecurity nvr5424-24p-4ks2_firmware *
dahuasecurity nvr5232-8p-4ks2_firmware *
CVE-2017-9315 MEDIUM

Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity ipc-hfw4xxx_firmware -
dahuasecurity ipc-hf5xxx_firmware -
dahuasecurity ipc-hum8xxx_firmware -
dahuasecurity ipc-hdbw1xxx_firmware -
dahuasecurity ipc-hdw2xxx_firmware -
dahuasecurity ipc-hfw5xxx_firmware -
dahuasecurity ipc-hdbw5xxx_firmware -
dahuasecurity ipc-pdbw8xxx_firmware -
dahuasecurity ipc-hdw4xxx_firmware -
dahuasecurity ipc-hdbw2xxx_firmware -
dahuasecurity dh-sd4xxxxx_firmware -
dahuasecurity ipc-pfw8xxx_firmware -
dahuasecurity dh-sd6xxxxx_firmware -
dahuasecurity ipc-hfw1xxx_firmware -
dahuasecurity ipc-hdbw8xxx_firmware -
dahuasecurity ipc-hf8xxx_firmware -
dahuasecurity ipc-ebw8xxx_firmware -
dahuasecurity ipc-hdw1xxx_firmware -
dahuasecurity ipc-hdbw4xxx_firmware -
dahuasecurity dh-sd2xxxxx_firmware -
dahuasecurity dh-sd5xxxxx_firmware -
dahuasecurity psd8xxxx_firmware -
dahuasecurity ipc-hdw5xxx_firmware -
dahuasecurity ipc-hfw8xxx_firmware -
dahuasecurity ipc-hfw2xxx_firmware -
CVE-2017-9316 MEDIUM

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dahuasecurity ipc-hdbw5x00_firmware 2.420.0006.0.r.20150311
dahuasecurity nvr11hs_firmware 3.210.0000.2.r.20150715
dahuasecurity ipc-hdw5x00_firmware 2.400.0000.3.r.20150312
dahuasecurity nvr11hs_firmware 3.210.0000.1.r.20150420
dahuasecurity ipc-hdw4300s_firmware 2.420.0008.0.r.20150710
dahuasecurity ipc-hf5x00_firmware 2.400.0000.3.r.20150312
dahuasecurity ipc-hdw4300s_firmware 2.400.0000.0.r.20131231
dahuasecurity ipc-hdw4300s_firmware 2.420.0007.0.r.20150409
dahuasecurity ipc-hdw4300s_firmware 2.420.0002.0.r.20140621
dahuasecurity nvr11hs_firmware 3.210.0000.0.r.20150206
dahuasecurity ipc-hdw4300s_firmware 2.420.0000.0.r.20140419
dahuasecurity nvr11hs_firmware 3.210.0000.3.r.20150921
dahuasecurity nvr11hs_firmware 3.210.0000.5.r.20160803
dahuasecurity ipc-hdw4300s_firmware 2.420.0006.0.r.20150311
dahuasecurity ipc-hdw4x00_firmware 2.420.0006.0.r.20150311
dahuasecurity ipc-hfw4x00_firmware 2.420.0006.0.r.20150311
dahuasecurity nvr11hs_firmware 3.210.0000.5.r.20160409
dahuasecurity ipc-hfw5x00_firmware 2.400.0000.3.r.20150312
dahuasecurity ipc-hdbw5x00_firmware 2.400.0000.3.r.20150312
dahuasecurity nvr11hs_firmware 3.210.0000.5.r.20170305
dahuasecurity nvr11hs_firmware 3.210.0000.5.r.20161226
dahuasecurity nvr11hs_firmware 3.210.0000.5.r.20160603
dahuasecurity ipc-hfw4x00_firmware 2.400.0000.3.r.20150312
dahuasecurity ipc-hdw4300s_firmware 2.420.0002.0.r.20140724
dahuasecurity ipc-hdw4300s_firmware 2.240.0009.0.r.20131015
dahuasecurity ipc-hdbw4x00_firmware 2.400.0000.3.r.20150312
dahuasecurity nvr11hs_firmware 3.210.0000.5.r.20170321
dahuasecurity ipc-hfw5x00_firmware 2.420.0006.0.r.20150311
dahuasecurity ipc-hdbw4x00_firmware 2.420.0006.0.r.20150311
dahuasecurity ipc-hf5x00_firmware 2.420.0006.0.r.20150311
dahuasecurity ipc-hdw4300s_firmware 2.420.0005.0.r.20141205
dahuasecurity ipc-hdw4x00_firmware 2.400.0000.3.r.20150312
dahuasecurity ipc-hdw5x00_firmware 2.420.0006.0.r.20150311
CVE-2017-9317 MEDIUM

Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity xvr5x08_firmware *
dahuasecurity xvr5x04_firmware *
dahuasecurity xvr7x16_firmware *
dahuasecurity ipc-hdbw5xxx_firmware *
dahuasecurity xvr5x16_firmware *
dahuasecurity ipc-hdbw4xxx_firmware *
CVE-2019-9676 HIGH

Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
dahuasecurity ipc-hfw2xxx_firmware *
dahuasecurity ipc-hfw1xxx_firmware *
dahuasecurity ipc-hdw1xxx_firmware *
CVE-2019-9677 HIGH

The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
dahuasecurity ipc-hdw5x2x_firmware *
dahuasecurity ipc-hfw5x2x_firmware *
dahuasecurity ipc-hdw4x2x_firmware *
dahuasecurity ipc-hdbw4x2x_firmware *
dahuasecurity ipc-hfw1x2x_firmware *
dahuasecurity ipc-hfw2x2x_firmware *
dahuasecurity ipc-hfw4x2x_firmware *
dahuasecurity ipc-hdw1x2x_firmware *
dahuasecurity ipc-hdw2x2x_firmware *
CVE-2019-9678 MEDIUM

Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity ipc-hdw5x2x_firmware *
dahuasecurity ipc-hfw5x2x_firmware *
dahuasecurity ipc-hdw4x2x_firmware *
dahuasecurity ipc-hdbw4x2x_firmware *
dahuasecurity ipc-hfw1x2x_firmware *
dahuasecurity ipc-hfw2x2x_firmware *
dahuasecurity ipc-hfw4x2x_firmware *
dahuasecurity ipc-hdw1x2x_firmware *
dahuasecurity ipc-hdw2x2x_firmware *
CVE-2019-9679 MEDIUM

Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
dahuasecurity ipc-hdw5x2x_firmware *
dahuasecurity ipc-hfw5x2x_firmware *
dahuasecurity ipc-hdw4x2x_firmware *
dahuasecurity ipc-hdbw4x2x_firmware *
dahuasecurity ipc-hfw1x2x_firmware *
dahuasecurity ipc-hfw2x2x_firmware *
dahuasecurity ipc-hfw4x2x_firmware *
dahuasecurity ipc-hdw1x2x_firmware *
dahuasecurity ipc-hdw2x2x_firmware *
CVE-2019-9680 MEDIUM

Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity ipc-hdw5x2x_firmware *
dahuasecurity ipc-hfw5x2x_firmware *
dahuasecurity ipc-hdw4x2x_firmware *
dahuasecurity ipc-hdbw4x2x_firmware *
dahuasecurity ipc-hfw1x2x_firmware *
dahuasecurity ipc-hfw2x2x_firmware *
dahuasecurity ipc-hfw4x2x_firmware *
dahuasecurity ipc-hdw1x2x_firmware *
dahuasecurity ipc-hdw2x2x_firmware *
CVE-2019-9681 MEDIUM

Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
dahuasecurity ipc-hdw5x2x_firmware *
dahuasecurity ipc-hfw5x2x_firmware *
dahuasecurity ipc-hdw4x2x_firmware *
dahuasecurity ipc-hdbw4x2x_firmware *
dahuasecurity ipc-hfw1x2x_firmware *
dahuasecurity ipc-hfw2x2x_firmware *
dahuasecurity ipc-hfw4x2x_firmware *
dahuasecurity ipc-hdw1x2x_firmware *
dahuasecurity ipc-hdw2x2x_firmware *
CVE-2019-9682 MEDIUM

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
dahuasecurity n52b3p_firmware *
dahuasecurity n54b2p_firmware *
dahuasecurity ipc-hdbw1320e-w_firmware *
dahuasecurity sd6al_firmware *
dahuasecurity n52a4p_firmware *
dahuasecurity n54a4p_firmware *
dahuasecurity ipc-hx2xxx_firmware *
dahuasecurity n42b1p_firmware *
dahuasecurity sd52c_firmware *
dahuasecurity sd1a_firmware *
dahuasecurity n52b5p_firmware *
dahuasecurity sd50_firmware *
dahuasecurity sd5a_firmware *
dahuasecurity n52b2p_firmware *
dahuasecurity ipc-hx5842h_firmware *
dahuasecurity ptz1a_firmware *
dahuasecurity ipc-hx7842h_firmware *
dahuasecurity ipc-hxxx5x4x_firmware *
dahuasecurity n42b3p_firmware *
dahuasecurity n42b2p_firmware *
CVE-2020-9499 MEDIUM

Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
dahuasecurity n52b3p_firmware *
dahuasecurity n54b2p_firmware *
dahuasecurity sd6al_firmware *
dahuasecurity n52a4p_firmware *
dahuasecurity n54a4p_firmware *
dahuasecurity ipc-hx2xxx_firmware *
dahuasecurity n42b1p_firmware *
dahuasecurity sd52c_firmware *
dahuasecurity sd1a_firmware *
dahuasecurity n52b5p_firmware *
dahuasecurity sd50_firmware *
dahuasecurity sd5a_firmware *
dahuasecurity n52b2p_firmware *
dahuasecurity ipc-hx5842h_firmware *
dahuasecurity ptz1a_firmware *
dahuasecurity ipc-hx7842h_firmware *
dahuasecurity ipc-hxxx5x4x_firmware *
dahuasecurity n42b3p_firmware *
dahuasecurity n42b2p_firmware *
CVE-2020-9500 MEDIUM

Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity n52b3p_firmware *
dahuasecurity n54b2p_firmware *
dahuasecurity sd6al_firmware *
dahuasecurity n52a4p_firmware *
dahuasecurity n54a4p_firmware *
dahuasecurity ipc-hx2xxx_firmware *
dahuasecurity n42b1p_firmware *
dahuasecurity sd52c_firmware *
dahuasecurity sd1a_firmware *
dahuasecurity n52b5p_firmware *
dahuasecurity sd50_firmware *
dahuasecurity sd5a_firmware *
dahuasecurity n52b2p_firmware *
dahuasecurity ipc-hx5842h_firmware *
dahuasecurity ptz1a_firmware *
dahuasecurity ipc-hx7842h_firmware *
dahuasecurity ipc-hxxx5x4x_firmware *
dahuasecurity n42b3p_firmware *
dahuasecurity n42b2p_firmware *
CVE-2020-9501 LOW

Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity web_p2p *
CVE-2020-9502 HIGH

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,

Products Affected

Vendor Product Version
dahuasecurity n52b3p_firmware *
dahuasecurity n54b2p_firmware *
dahuasecurity ipc-hdbw1320e-w_firmware *
dahuasecurity sd6al_firmware *
dahuasecurity n52a4p_firmware *
dahuasecurity n54a4p_firmware *
dahuasecurity ipc-hx2xxx_firmware *
dahuasecurity n42b1p_firmware *
dahuasecurity sd52c_firmware *
dahuasecurity sd1a_firmware *
dahuasecurity n52b5p_firmware *
dahuasecurity sd50_firmware *
dahuasecurity sd5a_firmware *
dahuasecurity n52b2p_firmware *
dahuasecurity ipc-hx5842h_firmware *
dahuasecurity ptz1a_firmware *
dahuasecurity ipc-hx7842h_firmware *
dahuasecurity ipc-hxxx5x4x_firmware *
dahuasecurity n42b3p_firmware *
dahuasecurity n42b2p_firmware *
CVE-2021-33044 HIGH

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
dahuasecurity tpc-sd2221_firmware *
dahuasecurity ipc-hx3xxx_firmware *
dahuasecurity vto-65xxx_firmware *
dahuasecurity sd6al_firmware *
dahuasecurity tpc-bf1241_firmware *
dahuasecurity sd49_firmware *
dahuasecurity vth-542xh_firmware *
dahuasecurity sd41_firmware *
dahuasecurity ipc-hum7xxx_firmware *
dahuasecurity sd52c_firmware *
dahuasecurity vto-75x95x_firmware *
dahuasecurity sd50_firmware *
dahuasecurity tpc-bf2221_firmware *
dahuasecurity tpc-bf5x01_firmware *
dahuasecurity ipc-hx5xxx_firmware *
dahuasecurity sd22_firmware *
dahuasecurity tpc-sd8x21_firmware *
dahuasecurity tpc-bf5x21_firmware *
dahuasecurity sd1a1_firmware *
dahuasecurity tpc-pt8x21b_firmware *
CVE-2021-33045 HIGH

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
dahuasecurity nvr-6xx_firmware *
dahuasecurity xvr-4x04_firmware *
dahuasecurity xvr-7x32_firmware *
dahuasecurity ipc-hx3xxx_firmware *
dahuasecurity vto-65xxx_firmware *
dahuasecurity xvr-7x16_firmware *
dahuasecurity nvr-2xxx_firmware *
dahuasecurity vth-542xh_firmware *
dahuasecurity nvr-5xxx_firmware *
dahuasecurity xvr-5x16_firmware *
dahuasecurity ipc-hum7xxx_firmware *
dahuasecurity vto-75x95x_firmware *
dahuasecurity nvr-4xxx_firmware *
dahuasecurity ipc-hx5xxx_firmware *
dahuasecurity xvr-5x08_firmware *
dahuasecurity xvr-4x04_firmware -
dahuasecurity xvr-4x08_firmware *
dahuasecurity xvr-5x04_firmware *
dahuasecurity nvr-1xxx_firmware *
CVE-2021-33046 HIGH

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
dahuasecurity tpc-sd2221_firmware *
dahuasecurity sd6al_firmware *
dahuasecurity tpc-bf1241_firmware *
dahuasecurity sd49_firmware *
dahuasecurity hcvr7xxx_firmware *
dahuasecurity tpc-pt8x21x_firmware *
dahuasecurity xvr7xxx_firmware *
dahuasecurity nvr1xxx_firmware *
dahuasecurity xvr4xxx_firmware *
dahuasecurity tpc-sd8x21_firmware *
dahuasecurity vtox20xf_firmware *
dahuasecurity hcvr8xxx_firmware *
dahuasecurity ipc-hx3xxx_firmware *
dahuasecurity ipc-hx2xxx_firmware *
dahuasecurity nvr4xxx_firmware *
dahuasecurity sd52c_firmware *
dahuasecurity nvr5xxx_firmware *
dahuasecurity sd50_firmware *
dahuasecurity ipc-hx1xxx_firmware *
dahuasecurity asc2204c_firmware *
dahuasecurity tpc-bf2221_firmware *
dahuasecurity nvr2xxx_firmware *
dahuasecurity tpc-bf5x01_firmware *
dahuasecurity ipc-hx5xxx_firmware *
dahuasecurity sd22_firmware *
dahuasecurity xvr5xxx_firmware *
dahuasecurity ipc-hx5(4)(3)xxx_firmware *
dahuasecurity sd1a1_firmware *
CVE-2022-30560 MEDIUM

When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity ipc-hfw2831t-zas-s2_firmware *
dahuasecurity ipc-hdbw2831r-zs-s2_firmware *
dahuasecurity ipc-hdbw2231r-zs-s2_firmware *
dahuasecurity ipc-hfw2531s-s-s2_firmware *
dahuasecurity ipc-hfw2231t-zas-s2_firmware *
dahuasecurity ipc-hfw2439s-sa-led-s2_firmware *
dahuasecurity ipc-hdbw2431e-s-s2_firmware *
dahuasecurity ipc-hfw2431s-s-s2_firmware *
dahuasecurity ipc-hdbw2231e-s-s2_firmware *
dahuasecurity ipc-hdbw2831e-s-s2_firmware *
dahuasecurity ipc-hfw2431t-as-s2_firmware *
dahuasecurity asi7223x-a_firmware *
dahuasecurity ipc-hfw2231t-as-s2_firmware *
dahuasecurity ipc-hfw2239s-sa-led-s2_firmware *
dahuasecurity ipc-hfw2431t-zas-s2_firmware *
dahuasecurity ipc-hfw2531t-as-s2_firmware *
dahuasecurity ipc-hfw2531t-zs-s2_firmware *
dahuasecurity ipc-hdbw2831r-zas-s2_firmware *
dahuasecurity ipc-hfw2531t-zas-s2_firmware *
dahuasecurity ipc-hfw2831t-as-s2_firmware *
dahuasecurity ipc-hfw2439m-as-led-b-s2_firmware *
dahuasecurity ipc-hdbw2531r-zs-s2_firmware *
dahuasecurity ipc-hdbw2431r-zas-s2_firmware *
dahuasecurity ipc-hdbw2231f-as-s2_firmware *
dahuasecurity asi7213x_firmware *
dahuasecurity ipc-hfw2831t-zs-s2_firmware *
dahuasecurity ipc-hdbw2230e-s-s2_firmware *
dahuasecurity ipc-hfw2231t-zs-s2_firmware *
dahuasecurity ipc-hfw2239m-as-led-b-s2_firmware *
dahuasecurity ipc-hdbw2531r-zas-s2_firmware *
dahuasecurity ipc-hfw2231s-s-s2_firmware *
dahuasecurity ipc-hdbw2531e-s-s2_firmware *
dahuasecurity ipc-hdbw2231r-zas-s2_firmware *
dahuasecurity asi7213x-t1_firmware *
dahuasecurity ipc-hfw2230s-s-s2_firmware *
dahuasecurity ipc-hfw2831s-s-s2_firmware *
dahuasecurity ipc-hfw2431t-zs-s2_firmware *
dahuasecurity ipc-hdbw2431r-zs-s2_firmware *
dahuasecurity ipc-hfw2231m-as-i2-b-s2_firmware *
dahuasecurity asi7223x-a-t1_firmware *
CVE-2022-30561 MEDIUM

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity ipc-hfw2831t-zas-s2_firmware *
dahuasecurity ipc-hdbw2831r-zs-s2_firmware *
dahuasecurity ipc-hdbw2231r-zs-s2_firmware *
dahuasecurity ipc-hfw2531s-s-s2_firmware *
dahuasecurity ipc-hfw2231t-zas-s2_firmware *
dahuasecurity ipc-hfw2439s-sa-led-s2_firmware *
dahuasecurity ipc-hdbw2431e-s-s2_firmware *
dahuasecurity ipc-hfw2431s-s-s2_firmware *
dahuasecurity ipc-hdbw2231e-s-s2_firmware *
dahuasecurity ipc-hdbw2831e-s-s2_firmware *
dahuasecurity ipc-hfw2431t-as-s2_firmware *
dahuasecurity asi7223x-a_firmware *
dahuasecurity ipc-hfw2231t-as-s2_firmware *
dahuasecurity ipc-hfw2239s-sa-led-s2_firmware *
dahuasecurity ipc-hfw2431t-zas-s2_firmware *
dahuasecurity ipc-hfw2531t-as-s2_firmware *
dahuasecurity ipc-hfw2531t-zs-s2_firmware *
dahuasecurity ipc-hdbw2831r-zas-s2_firmware *
dahuasecurity ipc-hfw2531t-zas-s2_firmware *
dahuasecurity ipc-hfw2831t-as-s2_firmware *
dahuasecurity ipc-hfw2439m-as-led-b-s2_firmware *
dahuasecurity ipc-hdbw2531r-zs-s2_firmware *
dahuasecurity ipc-hdbw2431r-zas-s2_firmware *
dahuasecurity ipc-hdbw2231f-as-s2_firmware *
dahuasecurity asi7213x_firmware *
dahuasecurity ipc-hfw2831t-zs-s2_firmware *
dahuasecurity ipc-hdbw2230e-s-s2_firmware *
dahuasecurity ipc-hfw2231t-zs-s2_firmware *
dahuasecurity ipc-hfw2239m-as-led-b-s2_firmware *
dahuasecurity ipc-hdbw2531r-zas-s2_firmware *
dahuasecurity ipc-hfw2231s-s-s2_firmware *
dahuasecurity ipc-hdbw2531e-s-s2_firmware *
dahuasecurity ipc-hdbw2231r-zas-s2_firmware *
dahuasecurity asi7213x-t1_firmware *
dahuasecurity ipc-hfw2230s-s-s2_firmware *
dahuasecurity ipc-hfw2831s-s-s2_firmware *
dahuasecurity ipc-hfw2431t-zs-s2_firmware *
dahuasecurity ipc-hdbw2431r-zs-s2_firmware *
dahuasecurity ipc-hfw2231m-as-i2-b-s2_firmware *
dahuasecurity asi7223x-a-t1_firmware *
CVE-2022-30562 MEDIUM

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N 1.6 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
dahuasecurity ipc-hfw2831t-zas-s2_firmware *
dahuasecurity ipc-hdbw2831r-zs-s2_firmware *
dahuasecurity ipc-hdbw2231r-zs-s2_firmware *
dahuasecurity ipc-hfw2531s-s-s2_firmware *
dahuasecurity ipc-hfw2231t-zas-s2_firmware *
dahuasecurity ipc-hfw2439s-sa-led-s2_firmware *
dahuasecurity ipc-hdbw2431e-s-s2_firmware *
dahuasecurity ipc-hfw2431s-s-s2_firmware *
dahuasecurity ipc-hdbw2231e-s-s2_firmware *
dahuasecurity ipc-hdbw2831e-s-s2_firmware *
dahuasecurity ipc-hfw2431t-as-s2_firmware *
dahuasecurity asi7223x-a_firmware *
dahuasecurity ipc-hfw2231t-as-s2_firmware *
dahuasecurity ipc-hfw2239s-sa-led-s2_firmware *
dahuasecurity ipc-hfw2431t-zas-s2_firmware *
dahuasecurity ipc-hfw2531t-as-s2_firmware *
dahuasecurity ipc-hfw2531t-zs-s2_firmware *
dahuasecurity ipc-hdbw2831r-zas-s2_firmware *
dahuasecurity ipc-hfw2531t-zas-s2_firmware *
dahuasecurity ipc-hfw2831t-as-s2_firmware *
dahuasecurity ipc-hfw2439m-as-led-b-s2_firmware *
dahuasecurity ipc-hdbw2531r-zs-s2_firmware *
dahuasecurity ipc-hdbw2431r-zas-s2_firmware *
dahuasecurity ipc-hdbw2231f-as-s2_firmware *
dahuasecurity asi7213x_firmware *
dahuasecurity ipc-hfw2831t-zs-s2_firmware *
dahuasecurity ipc-hdbw2230e-s-s2_firmware *
dahuasecurity ipc-hfw2231t-zs-s2_firmware *
dahuasecurity ipc-hfw2239m-as-led-b-s2_firmware *
dahuasecurity ipc-hdbw2531r-zas-s2_firmware *
dahuasecurity ipc-hfw2231s-s-s2_firmware *
dahuasecurity ipc-hdbw2531e-s-s2_firmware *
dahuasecurity ipc-hdbw2231r-zas-s2_firmware *
dahuasecurity asi7213x-t1_firmware *
dahuasecurity ipc-hfw2230s-s-s2_firmware *
dahuasecurity ipc-hfw2831s-s-s2_firmware *
dahuasecurity ipc-hfw2431t-zs-s2_firmware *
dahuasecurity ipc-hdbw2431r-zs-s2_firmware *
dahuasecurity ipc-hfw2231m-as-i2-b-s2_firmware *
dahuasecurity asi7223x-a-t1_firmware *
CVE-2022-30563 MEDIUM

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N 2.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
dahuasecurity ipc-hfw2831t-zas-s2_firmware *
dahuasecurity ipc-hdbw2831r-zs-s2_firmware *
dahuasecurity ipc-hdbw2231r-zs-s2_firmware *
dahuasecurity ipc-hfw2531s-s-s2_firmware *
dahuasecurity ipc-hfw2231t-zas-s2_firmware *
dahuasecurity ipc-hfw2439s-sa-led-s2_firmware *
dahuasecurity ipc-hdbw2431e-s-s2_firmware *
dahuasecurity ipc-hfw2431s-s-s2_firmware *
dahuasecurity ipc-hdbw2231e-s-s2_firmware *
dahuasecurity ipc-hdbw2831e-s-s2_firmware *
dahuasecurity ipc-hfw2431t-as-s2_firmware *
dahuasecurity asi7223x-a_firmware *
dahuasecurity ipc-hfw2231t-as-s2_firmware *
dahuasecurity ipc-hfw2239s-sa-led-s2_firmware *
dahuasecurity ipc-hfw2431t-zas-s2_firmware *
dahuasecurity ipc-hfw2531t-as-s2_firmware *
dahuasecurity ipc-hfw2531t-zs-s2_firmware *
dahuasecurity ipc-hdbw2831r-zas-s2_firmware *
dahuasecurity ipc-hfw2531t-zas-s2_firmware *
dahuasecurity ipc-hfw2831t-as-s2_firmware *
dahuasecurity ipc-hfw2439m-as-led-b-s2_firmware *
dahuasecurity ipc-hdbw2531r-zs-s2_firmware *
dahuasecurity ipc-hdbw2431r-zas-s2_firmware *
dahuasecurity ipc-hdbw2231f-as-s2_firmware *
dahuasecurity asi7213x_firmware *
dahuasecurity ipc-hfw2831t-zs-s2_firmware *
dahuasecurity ipc-hdbw2230e-s-s2_firmware *
dahuasecurity ipc-hfw2231t-zs-s2_firmware *
dahuasecurity ipc-hfw2239m-as-led-b-s2_firmware *
dahuasecurity ipc-hdbw2531r-zas-s2_firmware *
dahuasecurity ipc-hfw2231s-s-s2_firmware *
dahuasecurity ipc-hdbw2531e-s-s2_firmware *
dahuasecurity ipc-hdbw2231r-zas-s2_firmware *
dahuasecurity asi7213x-t1_firmware *
dahuasecurity ipc-hfw2230s-s-s2_firmware *
dahuasecurity ipc-hfw2831s-s-s2_firmware *
dahuasecurity ipc-hfw2431t-zs-s2_firmware *
dahuasecurity ipc-hdbw2431r-zs-s2_firmware *
dahuasecurity ipc-hfw2231m-as-i2-b-s2_firmware *
dahuasecurity asi7223x-a-t1_firmware *
CVE-2022-30564

Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
dahuasecurity nvr2116-i_firmware *
dahuasecurity nvr4416-16p-4ks2/i_firmware *
dahuasecurity xvr5108c-x_firmware *
dahuasecurity sd22404t-gn_firmware *
dahuasecurity nvr2108-i_firmware *
dahuasecurity nvr2108hs-i_firmware *
dahuasecurity xvr5416l-i2_firmware *
dahuasecurity xvr5232an-x_firmware *
dahuasecurity xvr5116h-i2_firmware *
dahuasecurity sd22204t-gn-s2_firmware *
dahuasecurity xvr5408l-i2_firmware *
dahuasecurity sd59225u-hni_firmware *
dahuasecurity nvr5216-16p-i/l_firmware *
dahuasecurity nvr2216-i_firmware *
dahuasecurity xvr5108h-i2_firmware *
dahuasecurity sd5a225xa-hnr-sl_firmware *
dahuasecurity sd59432xa-hnr_firmware *
dahuasecurity sd5a825ga-hnr_firmware *
dahuasecurity xvr5216a-x_firmware *
dahuasecurity sd22204db-gny-w_firmware *
dahuasecurity nvr4432-16p-4ks2/i_firmware *
dahuasecurity nvr4432-i_firmware *
dahuasecurity sd5a425ga-hnr_firmware *
dahuasecurity sd5a232xb-hnr-ac_firmware *
dahuasecurity sd22204-gc-lb_firmware *
dahuasecurity sd22204db-gny_firmware *
dahuasecurity nvr2104hs-i_firmware *
dahuasecurity sd5a232xb-hnr-p_firmware *
dahuasecurity nvr4832-16p-4ks2/i_firmware *
dahuasecurity sd59232xa-hnr_firmware *
dahuasecurity xvr5216a-i2_firmware *
dahuasecurity xvr4104c-x_firmware *
dahuasecurity sd5a445xa-hnr_firmware *
dahuasecurity sd59232-hc-la_firmware *
dahuasecurity xvr5432l-i2_firmware *
dahuasecurity sd22404t-gn-w_firmware *
dahuasecurity nvr2104-i_firmware *
dahuasecurity xvr4108c-x_firmware *
dahuasecurity nvr4832-i_firmware *
dahuasecurity xvr5108hs-i2_firmware *
dahuasecurity nvr5832-i/l_firmware *
dahuasecurity sd5a445xa-hnr-1t_firmware *
dahuasecurity nvr4832-4ks2/i_firmware *
dahuasecurity nvr4432-4ks2/i_firmware *
dahuasecurity sd5a245xa-hnr_firmware *
dahuasecurity sd59131i-hc(-s3)_firmware *
dahuasecurity xvr5104he-i2_firmware *
dahuasecurity sd5a245gb-hnr_firmware *
dahuasecurity sd5a225gb-hnr_firmware *
dahuasecurity sd5a232xb-hnr_firmware *
dahuasecurity xvr5116hs-i2_firmware *
dahuasecurity sd5a232gb-hnr_firmware *
dahuasecurity xvr5816s-i2_firmware *
dahuasecurity sd22204ue-gn_firmware *
dahuasecurity xvr4108hs-x_firmware *
dahuasecurity ipc-hf5541f-ze_firmware *
dahuasecurity sd5a825-hnr-ya_firmware *
dahuasecurity sd59230i-hc(-s3)_firmware *
dahuasecurity sd22204ue-gn-w_firmware *
dahuasecurity nvr4416-4ks2/i_firmware *
dahuasecurity xvr5808s-i2_firmware *
dahuasecurity xvr5108he-i2_firmware *
dahuasecurity nvr2116hs-i_firmware *
dahuasecurity xvr5104h-i2_firmware *
dahuasecurity sd59430i-hc_firmware *
dahuasecurity nvr5864-i/l_firmware *
dahuasecurity nvr5216-8p-i/l_firmware *
dahuasecurity xvr5116he-i2_firmware *
dahuasecurity ipc-hf71242f-z-x_firmware *
dahuasecurity xvr5432l-x_firmware *
dahuasecurity nvr2208-i_firmware *
dahuasecurity sd59225-hc-la_firmware *
dahuasecurity xvr5104hs-i2_firmware *
dahuasecurity nvr4816-4ks2/i_firmware *
dahuasecurity sd59225i-hc(-s3)_firmware *
dahuasecurity xvr5832s-x_firmware *
dahuasecurity sd5a445gb-hnr_firmware *
dahuasecurity nvr4816-16p-4ks2/i_firmware *
dahuasecurity ipc-hf5241f-ze_firmware *
dahuasecurity nvr2204-i_firmware *
dahuasecurity nvr5832/5864-i_firmware *
dahuasecurity xvr5832s-i2_firmware *
dahuasecurity sd5a432gb-hnr_firmware *
dahuasecurity sd5a425xa-hnr_firmware *
dahuasecurity nvr4216-i_firmware *
dahuasecurity nvr5432-16p-i/l_firmware *
dahuasecurity xvr4116hs-x_firmware *
dahuasecurity xvr5216an-x_firmware *
dahuasecurity ipc-hf5442f-ze_firmware *
dahuasecurity xvr5232an-i2_firmware *
dahuasecurity ipc-hf7842f-z-x_firmware *
dahuasecurity xvr4104hs-x_firmware *
dahuasecurity xvr5216an-i2_firmware *
dahuasecurity sd5a225xa-hnr_firmware *
dahuasecurity sd5a225gb-hnr-sl_firmware *
dahuasecurity ipc-hf5842f-ze_firmware *
dahuasecurity ipc-hf7442f-z-x_firmware *
CVE-2022-45423

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45424

Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45425

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45426

Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45427

Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45428

Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45429

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45430

Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45431

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45432

Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45433

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2022-45434

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.

Products Affected

Vendor Product Version
dahuasecurity dhi-dss7016d-s2_firmware 8.0.4
dahuasecurity dhi-dss7016dr-s2_firmware 1.001.0000001.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.1
dahuasecurity dss_express 7.002.1760000.2
dahuasecurity dss_express 8.0.2
dahuasecurity dhi-dss7016d-s2_firmware 8.0.2
dahuasecurity dhi-dss4004-s2_firmware 8.0.4
dahuasecurity dss_professional 8.0.2
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.2
dahuasecurity dss_express 8.0.4
dahuasecurity dhi-dss7016d-s2_firmware 1.001.0000001.2
dahuasecurity dss_professional 7.002.1760000.2
dahuasecurity dss_professional 8.0.4
dahuasecurity dss_professional 8.1.1
dahuasecurity dhi-dss7016d-s2_firmware 8.1
dahuasecurity dhi-dss4004-s2_firmware 1.001.0000001.2
dahuasecurity dss_express 8.1.1
dahuasecurity dhi-dss4004-s2_firmware 8.1
dahuasecurity dss_express 8.1
dahuasecurity dss_professional 8.1
dahuasecurity dhi-dss7016dr-s2_firmware 8.0.4
dahuasecurity dhi-dss4004-s2_firmware 8.0.2
CVE-2023-3121 LOW

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: LOW

Problem Type: CWE-918,CWE-918,

Products Affected

Vendor Product Version
dahuasecurity smart_parking_management *
CVE-2023-3836 MEDIUM

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
dahuasecurity smart_parking_management *
CVE-2024-39944

A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@dahuatech.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dahuasecurity nvr4116hs-4ks3_firmware *
dahuasecurity nvr4416-16p-4ks2/i_firmware *
dahuasecurity ipc-hfs8849g-z3-led_firmware *
dahuasecurity nvr4208-4ks3_firmware *
dahuasecurity nvr4232-4ks2/l_firmware *
dahuasecurity nvr4416-4ks2/i_firmware *
dahuasecurity nvr4104-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3_firmware *
dahuasecurity nvr4104hs-p-4ks2/l_firmware *
dahuasecurity nvr4116-8p-4ks3_firmware *
dahuasecurity nvr4116-4ks3_firmware *
dahuasecurity nvr4104hs-4ks2/l_firmware *
dahuasecurity nvr4216-4ks3_firmware *
dahuasecurity nvr4108-4ks2/l_firmware 4.003.0000000.1.r.240515
dahuasecurity nvr4216-16p-4ks3_firmware *
dahuasecurity nvr4432-16p-4ks2/i_firmware *
dahuasecurity nvr4108-4ks3_firmware *
dahuasecurity nvr4232-16p-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks3_firmware *
dahuasecurity nvr4216-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks3(960g)_firmware *
dahuasecurity nvr4208-8p-4ks3_firmware *
dahuasecurity nvr4816-4ks2/i_firmware *
dahuasecurity nvr4832-16p-4ks2/i_firmware *
dahuasecurity nvr4204-p-4ks2/l_firmware *
dahuasecurity nvr4104-4ks3_firmware *
dahuasecurity nvr4108hs-4ks3_firmware *
dahuasecurity nvr4104hs-4ks3_firmware *
dahuasecurity ipc-hfs8449g-z7-led_firmware *
dahuasecurity nvr4108hs-p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks2/l_firmware *
dahuasecurity nvr4204-p-4ks3_firmware *
dahuasecurity nvr4816-16p-4ks2/i_firmware *
dahuasecurity nvr4104hs-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks2/l_firmware *
dahuasecurity nvr4108hs-8p-4ks2/l_firmware *
dahuasecurity nvr4216-16p-4ks2/l_firmware *
dahuasecurity nvr4108hs-p-4ks3_firmware *
dahuasecurity nvr4204-4ks2/l_firmware *
dahuasecurity nvr4832-4ks2/i_firmware *
dahuasecurity nvr4108hs-8p-4ks3_firmware *
dahuasecurity nvr4432-4ks2/i_firmware *
dahuasecurity nvr4232-4ks3_firmware *
dahuasecurity nvr4116hs-8p-4ks3_firmware *
dahuasecurity nvr4116-8p-4ks2/l_firmware *
dahuasecurity nvr4232-16p-4ks2/l_firmware *
dahuasecurity nvr4116hs-8p-4ks2/l_firmware *
dahuasecurity nvr4208-8p-4ks2/l_firmware *
dahuasecurity nvr4116hs-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3(960g)_firmware *
dahuasecurity nvr4116-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks2/l_firmware *
dahuasecurity nvr4208-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3_firmware *
dahuasecurity nvr4204-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks3_firmware *
CVE-2024-39945

A vulnerability has been found in Dahua products.  After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@dahuatech.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
dahuasecurity nvr4116hs-4ks3_firmware *
dahuasecurity nvr4416-16p-4ks2/i_firmware *
dahuasecurity nvr4208-4ks3_firmware *
dahuasecurity nvr4232-4ks2/l_firmware *
dahuasecurity nvr4416-4ks2/i_firmware *
dahuasecurity nvr4104-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3_firmware *
dahuasecurity nvr4104hs-p-4ks2/l_firmware *
dahuasecurity nvr4116-8p-4ks3_firmware *
dahuasecurity nvr4116-4ks3_firmware *
dahuasecurity nvr4104hs-4ks2/l_firmware *
dahuasecurity nvr4216-4ks3_firmware *
dahuasecurity nvr4108-4ks2/l_firmware 4.003.0000000.1.r.240515
dahuasecurity nvr4216-16p-4ks3_firmware *
dahuasecurity nvr4432-16p-4ks2/i_firmware *
dahuasecurity nvr4108-4ks3_firmware *
dahuasecurity nvr4232-16p-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks3_firmware *
dahuasecurity nvr4216-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks3(960g)_firmware *
dahuasecurity nvr4208-8p-4ks3_firmware *
dahuasecurity nvr4816-4ks2/i_firmware *
dahuasecurity nvr4832-16p-4ks2/i_firmware *
dahuasecurity nvr4204-p-4ks2/l_firmware *
dahuasecurity nvr4104-4ks3_firmware *
dahuasecurity nvr4108hs-4ks3_firmware *
dahuasecurity nvr4104hs-4ks3_firmware *
dahuasecurity nvr4108hs-p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks2/l_firmware *
dahuasecurity nvr4204-p-4ks3_firmware *
dahuasecurity nvr4816-16p-4ks2/i_firmware *
dahuasecurity nvr4104hs-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks2/l_firmware *
dahuasecurity nvr4108hs-8p-4ks2/l_firmware *
dahuasecurity nvr4216-16p-4ks2/l_firmware *
dahuasecurity nvr4108hs-p-4ks3_firmware *
dahuasecurity nvr4204-4ks2/l_firmware *
dahuasecurity nvr4832-4ks2/i_firmware *
dahuasecurity nvr4108hs-8p-4ks3_firmware *
dahuasecurity nvr4432-4ks2/i_firmware *
dahuasecurity nvr4232-4ks3_firmware *
dahuasecurity nvr4116hs-8p-4ks3_firmware *
dahuasecurity nvr4116-8p-4ks2/l_firmware *
dahuasecurity nvr4232-16p-4ks2/l_firmware *
dahuasecurity nvr4116hs-8p-4ks2/l_firmware *
dahuasecurity nvr4208-8p-4ks2/l_firmware *
dahuasecurity nvr4116hs-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3(960g)_firmware *
dahuasecurity nvr4116-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks2/l_firmware *
dahuasecurity nvr4208-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3_firmware *
dahuasecurity nvr4204-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks3_firmware *
CVE-2024-39948

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@dahuatech.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dahuasecurity nvr4116hs-4ks3_firmware *
dahuasecurity nvr4416-16p-4ks2/i_firmware *
dahuasecurity nvr4208-4ks3_firmware *
dahuasecurity nvr4232-4ks2/l_firmware *
dahuasecurity nvr4416-4ks2/i_firmware *
dahuasecurity nvr4104-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3_firmware *
dahuasecurity nvr4104hs-p-4ks2/l_firmware *
dahuasecurity nvr4116-8p-4ks3_firmware *
dahuasecurity nvr4116-4ks3_firmware *
dahuasecurity nvr4104hs-4ks2/l_firmware *
dahuasecurity nvr4216-4ks3_firmware *
dahuasecurity nvr4108-4ks2/l_firmware 4.003.0000000.1.r.240515
dahuasecurity nvr4216-16p-4ks3_firmware *
dahuasecurity nvr4432-16p-4ks2/i_firmware *
dahuasecurity nvr4108-4ks3_firmware *
dahuasecurity nvr4232-16p-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks3_firmware *
dahuasecurity nvr4216-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks3(960g)_firmware *
dahuasecurity nvr4208-8p-4ks3_firmware *
dahuasecurity nvr4816-4ks2/i_firmware *
dahuasecurity nvr4832-16p-4ks2/i_firmware *
dahuasecurity nvr4204-p-4ks2/l_firmware *
dahuasecurity nvr4104-4ks3_firmware *
dahuasecurity nvr4108hs-4ks3_firmware *
dahuasecurity nvr4104hs-4ks3_firmware *
dahuasecurity nvr4108hs-p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks2/l_firmware *
dahuasecurity nvr4204-p-4ks3_firmware *
dahuasecurity nvr4816-16p-4ks2/i_firmware *
dahuasecurity nvr4104hs-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks2/l_firmware *
dahuasecurity nvr4108hs-8p-4ks2/l_firmware *
dahuasecurity nvr4216-16p-4ks2/l_firmware *
dahuasecurity nvr4108hs-p-4ks3_firmware *
dahuasecurity nvr4204-4ks2/l_firmware *
dahuasecurity nvr4832-4ks2/i_firmware *
dahuasecurity nvr4108hs-8p-4ks3_firmware *
dahuasecurity nvr4432-4ks2/i_firmware *
dahuasecurity nvr4232-4ks3_firmware *
dahuasecurity nvr4116hs-8p-4ks3_firmware *
dahuasecurity nvr4116-8p-4ks2/l_firmware *
dahuasecurity nvr4232-16p-4ks2/l_firmware *
dahuasecurity nvr4116hs-8p-4ks2/l_firmware *
dahuasecurity nvr4208-8p-4ks2/l_firmware *
dahuasecurity nvr4116hs-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3(960g)_firmware *
dahuasecurity nvr4116-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks2/l_firmware *
dahuasecurity nvr4208-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3_firmware *
dahuasecurity nvr4204-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks3_firmware *
CVE-2024-39949

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@dahuatech.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
dahuasecurity nvr4116hs-4ks3_firmware *
dahuasecurity nvr4416-16p-4ks2/i_firmware *
dahuasecurity nvr4208-4ks3_firmware *
dahuasecurity nvr4232-4ks2/l_firmware *
dahuasecurity nvr4416-4ks2/i_firmware *
dahuasecurity nvr4104-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3_firmware *
dahuasecurity nvr4104hs-p-4ks2/l_firmware *
dahuasecurity nvr4116-8p-4ks3_firmware *
dahuasecurity nvr4116-4ks3_firmware *
dahuasecurity nvr4104hs-4ks2/l_firmware *
dahuasecurity nvr4216-4ks3_firmware *
dahuasecurity nvr4108-4ks2/l_firmware 4.003.0000000.1.r.240515
dahuasecurity nvr4216-16p-4ks3_firmware *
dahuasecurity nvr4432-16p-4ks2/i_firmware *
dahuasecurity nvr4108-4ks3_firmware *
dahuasecurity nvr4232-16p-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks3_firmware *
dahuasecurity nvr4216-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks3(960g)_firmware *
dahuasecurity nvr4208-8p-4ks3_firmware *
dahuasecurity nvr4816-4ks2/i_firmware *
dahuasecurity nvr4832-16p-4ks2/i_firmware *
dahuasecurity nvr4204-p-4ks2/l_firmware *
dahuasecurity nvr4104-4ks3_firmware *
dahuasecurity nvr4108hs-4ks3_firmware *
dahuasecurity nvr4104hs-4ks3_firmware *
dahuasecurity nvr4108hs-p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks2/l_firmware *
dahuasecurity nvr4204-p-4ks3_firmware *
dahuasecurity nvr4816-16p-4ks2/i_firmware *
dahuasecurity nvr4104hs-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks2/l_firmware *
dahuasecurity nvr4108hs-8p-4ks2/l_firmware *
dahuasecurity nvr4216-16p-4ks2/l_firmware *
dahuasecurity nvr4108hs-p-4ks3_firmware *
dahuasecurity nvr4204-4ks2/l_firmware *
dahuasecurity nvr4832-4ks2/i_firmware *
dahuasecurity nvr4108hs-8p-4ks3_firmware *
dahuasecurity nvr4432-4ks2/i_firmware *
dahuasecurity nvr4232-4ks3_firmware *
dahuasecurity nvr4116hs-8p-4ks3_firmware *
dahuasecurity nvr4116-8p-4ks2/l_firmware *
dahuasecurity nvr4232-16p-4ks2/l_firmware *
dahuasecurity nvr4116hs-8p-4ks2/l_firmware *
dahuasecurity nvr4208-8p-4ks2/l_firmware *
dahuasecurity nvr4116hs-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3(960g)_firmware *
dahuasecurity nvr4116-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks2/l_firmware *
dahuasecurity nvr4208-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3_firmware *
dahuasecurity nvr4204-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks3_firmware *
CVE-2024-39950

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cybersecurity@dahuatech.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 3.9 4.7

Products Affected

Vendor Product Version
dahuasecurity nvr4116hs-4ks3_firmware *
dahuasecurity nvr4416-16p-4ks2/i_firmware *
dahuasecurity ipc-hfs8849g-z3-led_firmware *
dahuasecurity nvr4208-4ks3_firmware *
dahuasecurity nvr4232-4ks2/l_firmware *
dahuasecurity nvr4416-4ks2/i_firmware *
dahuasecurity nvr4104-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3_firmware *
dahuasecurity nvr4104hs-p-4ks2/l_firmware *
dahuasecurity nvr4116-8p-4ks3_firmware *
dahuasecurity nvr4116-4ks3_firmware *
dahuasecurity nvr4104hs-4ks2/l_firmware *
dahuasecurity nvr4216-4ks3_firmware *
dahuasecurity nvr4108-4ks2/l_firmware 4.003.0000000.1.r.240515
dahuasecurity nvr4216-16p-4ks3_firmware *
dahuasecurity nvr4432-16p-4ks2/i_firmware *
dahuasecurity nvr4108-4ks3_firmware *
dahuasecurity nvr4232-16p-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks3_firmware *
dahuasecurity nvr4216-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks3(960g)_firmware *
dahuasecurity nvr4208-8p-4ks3_firmware *
dahuasecurity nvr4816-4ks2/i_firmware *
dahuasecurity nvr4832-16p-4ks2/i_firmware *
dahuasecurity nvr4204-p-4ks2/l_firmware *
dahuasecurity nvr4104-4ks3_firmware *
dahuasecurity nvr4108hs-4ks3_firmware *
dahuasecurity nvr4104hs-4ks3_firmware *
dahuasecurity ipc-hfs8449g-z7-led_firmware *
dahuasecurity nvr4108hs-p-4ks2/l_firmware *
dahuasecurity nvr4108-p-4ks2/l_firmware *
dahuasecurity nvr4204-p-4ks3_firmware *
dahuasecurity nvr4816-16p-4ks2/i_firmware *
dahuasecurity nvr4104hs-4ks3(960g)_firmware *
dahuasecurity nvr4108hs-4ks2/l_firmware *
dahuasecurity nvr4108hs-8p-4ks2/l_firmware *
dahuasecurity nvr4216-16p-4ks2/l_firmware *
dahuasecurity nvr4108hs-p-4ks3_firmware *
dahuasecurity nvr4204-4ks2/l_firmware *
dahuasecurity nvr4832-4ks2/i_firmware *
dahuasecurity nvr4108hs-8p-4ks3_firmware *
dahuasecurity nvr4432-4ks2/i_firmware *
dahuasecurity nvr4232-4ks3_firmware *
dahuasecurity nvr4116hs-8p-4ks3_firmware *
dahuasecurity nvr4116-8p-4ks2/l_firmware *
dahuasecurity nvr4232-16p-4ks2/l_firmware *
dahuasecurity nvr4116hs-8p-4ks2/l_firmware *
dahuasecurity nvr4208-8p-4ks2/l_firmware *
dahuasecurity nvr4116hs-4ks2/l_firmware *
dahuasecurity nvr4104hs-p-4ks3(960g)_firmware *
dahuasecurity nvr4116-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks2/l_firmware *
dahuasecurity nvr4208-4ks2/l_firmware *
dahuasecurity nvr4104-p-4ks3_firmware *
dahuasecurity nvr4204-4ks3_firmware *
dahuasecurity nvr4108-8p-4ks3_firmware *