CVE-2020-9501
https://notcve.org/view.php?id=CVE-2020-9501
13 May 2020 — Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected. • https://www.dahuasecurity.com/support/cybersecurity/details/757
CVE-2019-9682
https://notcve.org/view.php?id=CVE-2019-9682
13 May 2020 — Dahua devices with Build time before December 2019 use the strong security login mode by default, but to remain compatible with the normal login of early devices, some devices retain a weak security login mode that users can control. If the user uses the weak security login method, an attacker can monitor the device network and intercept network packets to attack the device. Users are therefore advised to disable this login method. • https://www.dahuasecurity.com/support/cybersecurity/details/767 • CWE-276: Incorrect Default Permissions
CVE-2020-9500
https://notcve.org/view.php?id=CVE-2020-9500
09 Apr 2020 — Some Dahua products have Denial of Service vulnerabilities. After successfully logging in with a legitimate account, an attacker sends a specific log query command, which may cause the device to go down. • https://www.dahuasecurity.com/support/cybersecurity/details/727
CVE-2020-9499
https://notcve.org/view.php?id=CVE-2020-9499
09 Apr 2020 — Some Dahua products have buffer overflow vulnerabilities. After successfully logging in with a legitimate account, an attacker sends a specific DDNS test command, which may cause the device to go down. • https://www.dahuasecurity.com/support/cybersecurity/details/727 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-9677
https://notcve.org/view.php?id=CVE-2019-9677
18 Sep 2019 — Specific fields of the CGI interface of some Dahua products are not strictly verified; an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose Build time is before August 18, 2019. • https://www.dahuasecurity.com/support/cybersecurity/details/637 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-9678
https://notcve.org/view.php?id=CVE-2019-9678
18 Sep 2019 — Some Dahua products have a denial of service problem during the login process. An attacker can cause a device to crash by constructing a malicious packet. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose Build time is before August 18, 2019. • https://www.dahuasecurity.com/support/cybersecurity/details/637
CVE-2019-9680
https://notcve.org/view.php?id=CVE-2019-9680
18 Sep 2019 — Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose Build time is before August 18, 2019. • https://www.dahuasecurity.com/support/cybersecurity/details/637
CVE-2019-9679
https://notcve.org/view.php?id=CVE-2019-9679
18 Sep 2019 — Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose Build time is before August 18, 2019. • https://www.dahuasecurity.com/support/cybersecurity/details/637 • CWE-276: Incorrect Default Permissions
CVE-2019-9681
https://notcve.org/view.php?id=CVE-2019-9681
17 Sep 2019 — Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, IPC-HFW5X2X for versions whose Build time is before August 18, 2019. • https://www.dahuasecurity.com/support/cybersecurity/details/637 • CWE-311: Missing Encryption of Sensitive Data
CVE-2019-9676
https://notcve.org/view.php?id=CVE-2019-9676
12 Jun 2019 — Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX, IPC-HDW1XXX, IPC-HFW2XXX Build before 2018/11. The vulnerability exists in the function of redirection display for serial port printing information, which cannot be used by the product's basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradual... • https://www.dahuasecurity.com/support/cybersecurity/details/617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer