CVSS: 10.0EPSS: 0%CPEs: 71EXPL: 0CVE-2024-39950
https://notcve.org/view.php?id=CVE-2024-39950
31 Jul 2024 — A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 67EXPL: 0CVE-2024-39949
https://notcve.org/view.php?id=CVE-2024-39949
31 Jul 2024 — A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 67EXPL: 0CVE-2024-39948
https://notcve.org/view.php?id=CVE-2024-39948
31 Jul 2024 — A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 56EXPL: 0CVE-2024-39947
https://notcve.org/view.php?id=CVE-2024-39947
31 Jul 2024 — A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768 •
CVSS: 8.3EPSS: 0%CPEs: 56EXPL: 0CVE-2024-39946
https://notcve.org/view.php?id=CVE-2024-39946
31 Jul 2024 — A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768 •
CVSS: 6.1EPSS: 0%CPEs: 56EXPL: 0CVE-2024-39945
https://notcve.org/view.php?id=CVE-2024-39945
31 Jul 2024 — A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash. A vulnerability has been found in Dahua products. After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768 •
CVSS: 7.8EPSS: 0%CPEs: 71EXPL: 0CVE-2024-39944
https://notcve.org/view.php?id=CVE-2024-39944
31 Jul 2024 — A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. • https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 41%CPEs: 1EXPL: 3CVE-2023-3836 – Dahua Smart Park Management unrestricted upload
https://notcve.org/view.php?id=CVE-2023-3836
22 Jul 2023 — A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/codeb0ss/CVE-2023-3836 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3121 – Dahua Smart Parking Management image server-side request forgery
https://notcve.org/view.php?id=CVE-2023-3121
06 Jun 2023 — A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. • https://github.com/RCEraser/cve/blob/main/DaHua..md • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 194EXPL: 0CVE-2022-30564
https://notcve.org/view.php?id=CVE-2022-30564
09 Feb 2023 — Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. • https://www.dahuasecurity.com/support/cybersecurity/details/1147 •