CVE-2024-39949
HIGHDahuasecurity Nvr4104-4ks2/l Firmware - Reachable Assertion
Title source: ruleDescription
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
References (1)
Core 1
Core References
Vendor Advisory
https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768
Scores
CVSS v3
7.5
EPSS
0.0056
EPSS Percentile
42.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
CWE-617
Status
published
Products (50)
dahuasecurity/nvr4104-4ks2\/l_firmware
< 4.003.0000000.1.r.240515
dahuasecurity/nvr4104-4ks3_firmware
< 4.003.0000000.0.r.240312
dahuasecurity/nvr4104-p-4ks2\/l_firmware
< 4.003.0000000.1.r.240515
dahuasecurity/nvr4104-p-4ks3\(960g\)_firmware
< 4.003.0000000.0.r.240312
dahuasecurity/nvr4104-p-4ks3_firmware
< 4.003.0000000.0.r.240312
dahuasecurity/nvr4104hs-4ks2\/l_firmware
< 4.003.0000000.1.r.240515
dahuasecurity/nvr4104hs-4ks3\(960g\)_firmware
< 4.003.0000000.0.r.240312
dahuasecurity/nvr4104hs-4ks3_firmware
< 4.003.0000000.0.r.240312
dahuasecurity/nvr4104hs-p-4ks2\/l_firmware
< 4.003.0000000.1.r.240515
dahuasecurity/nvr4104hs-p-4ks3\(960g\)_firmware
< 4.003.0000000.0.r.240312
... and 40 more
Published
Jul 31, 2024
Tracked Since
Feb 18, 2026