Vulnerability Details : CVE-2019-9682
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.
Products affected by CVE-2019-9682
- cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:ipc-hdbw1320e-w_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-9682
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-9682
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2019-9682
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-9682
-
https://www.dahuasecurity.com/support/cybersecurity/details/767
Security Advisory –Login authentication compatibility vulnerabilities found in some Dahua productsVendor Advisory
Jump to