CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2019-9677
https://notcve.org/view.php?id=CVE-2019-9677
18 Sep 2019 — The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019. Los campos específicos de la interfaz CGI de algunos productos Dahua no están estrictamente verificados, un atacante puede causar un desbordamiento del búfer... • https://www.dahuasecurity.com/support/cybersecurity/details/637 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-9678
https://notcve.org/view.php?id=CVE-2019-9678
18 Sep 2019 — Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019. Algunos productos Dahua presentan el problema de denegación de servicio durante el proceso de inicio de sesión. Un atacante puede causar que un dispositivo se b... • https://www.dahuasecurity.com/support/cybersecurity/details/637 •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2019-9680
https://notcve.org/view.php?id=CVE-2019-9680
18 Sep 2019 — Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019. Algunos productos Dahua tienen problemas de filtración de información. Los atacantes pueden obtener la dirección IP y la información del modelo del... • https://www.dahuasecurity.com/support/cybersecurity/details/637 •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2019-9679
https://notcve.org/view.php?id=CVE-2019-9679
18 Sep 2019 — Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019. Algunas de las funciones de Depuración de Dahua no poseen separación de permisos. Usuarios poco privilegiados pueden usar la función de Depuración después de iniciar sesión. • https://www.dahuasecurity.com/support/cybersecurity/details/637 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 18EXPL: 0CVE-2019-9681
https://notcve.org/view.php?id=CVE-2019-9681
17 Sep 2019 — Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019. La información de actualización en línea en algunos paquetes de firmware de productos Dahua no está encriptada. Los atacantes pueden obtener es... • https://www.dahuasecurity.com/support/cybersecurity/details/637 • CWE-311: Missing Encryption of Sensitive Data •