CVE-2019-9677

EPSS 0.86%
Veröffentlicht 18.09.2019 19:15:10
Zuletzt bearbeitet 21.11.2024 04:52:05
Quelle cybersecurity@dahuatech.com
CVE-Watchlists
Login
Unerledigt
Login

The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dahuasecurity ≫ Ipc-hdw1x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hdw1x2x Version-

Dahuasecurity ≫ Ipc-hfw1x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hfw1x2x Version-

Dahuasecurity ≫ Ipc-hdw2x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hdw2x2x Version-

Dahuasecurity ≫ Ipc-hfw2x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hfw2x2x Version-

Dahuasecurity ≫ Ipc-hdw4x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hdw4x2x Version-

Dahuasecurity ≫ Ipc-hfw4x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hfw4x2x Version-

Dahuasecurity ≫ Ipc-hdbw4x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hdbw4x2x Version-

Dahuasecurity ≫ Ipc-hdw5x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hdw5x2x Version-

Dahuasecurity ≫ Ipc-hfw5x2x Firmware Version < 2019-08-18

Dahuasecurity ≫ Ipc-hfw5x2x Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.743

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.dahuasecurity.com/support/cybersecurity/details/637

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-9677

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-9677

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-9677

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-9677