CVE-2019-9682

HIGH

Dahua Firmware < 2019-12 - Unauthenticated Weak Security Login Mode

Title source: llm

Description

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dahuasecurity.com/support/cybersecurity/details/767

Scores

CVSS v3 8.1

EPSS 0.0086

EPSS Percentile 53.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (20)

dahuasecurity/ipc-hdbw1320e-w_firmware < 2019-12

dahuasecurity/ipc-hx2xxx_firmware < 2019-12

dahuasecurity/ipc-hx5842h_firmware < 2019-12

dahuasecurity/ipc-hx7842h_firmware < 2019-12

dahuasecurity/ipc-hxxx5x4x_firmware < 2019-12

dahuasecurity/n42b1p_firmware < 2019-12

dahuasecurity/n42b2p_firmware < 2019-12

dahuasecurity/n42b3p_firmware < 2019-12

dahuasecurity/n52a4p_firmware < 2019-12

dahuasecurity/n52b2p_firmware < 2019-12

... and 10 more

Published May 13, 2020

Tracked Since Feb 18, 2026