Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0042.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HDBW1320E-W affected
Version Status Constraints
Versions which Build time before December,2019 affected

Configuration 1 [-]

AND
cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n54a4p:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:dahuasecurity:ipc-hdbw1320e-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hdbw1320e-w:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Dahuasecurity Subscribe
Ipc-hdbw1320e-w Subscribe
Ipc-hdbw1320e-w Firmware Subscribe
Ipc-hx2xxx Subscribe
Ipc-hx2xxx Firmware Subscribe
Ipc-hx5842h Subscribe
Ipc-hx5842h Firmware Subscribe
Ipc-hx7842h Subscribe
Ipc-hx7842h Firmware Subscribe
Ipc-hxxx5x4x Subscribe
Ipc-hxxx5x4x Firmware Subscribe
N42b1p Subscribe
N42b1p Firmware Subscribe
N42b2p Subscribe
N42b2p Firmware Subscribe
N42b3p Subscribe
N42b3p Firmware Subscribe
N52a4p Subscribe
N52a4p Firmware Subscribe
N52b2p Subscribe
N52b2p Firmware Subscribe
N52b3p Subscribe
N52b3p Firmware Subscribe
N52b5p Subscribe
N52b5p Firmware Subscribe
N54a4p Subscribe
N54a4p Firmware Subscribe
N54b2p Subscribe
N54b2p Firmware Subscribe
Ptz1a Subscribe
Ptz1a Firmware Subscribe
Sd1a Subscribe
Sd1a Firmware Subscribe
Sd50 Subscribe
Sd50 Firmware Subscribe
Sd52c Subscribe
Sd52c Firmware Subscribe
Sd5a Subscribe
Sd5a Firmware Subscribe
Sd6al Subscribe
Sd6al Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2019-19048 Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.dahuasecurity.com/support/cybersecurity/details/767 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: dahua

Published:

Updated: 2024-08-04T21:54:45.174Z

Reserved: 2019-03-11T00:00:00

Link: CVE-2019-9682

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-13T16:15:12.870

Modified: 2024-11-21T04:52:06.380

Link: CVE-2019-9682

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses