Vulnerability Description
Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Ipc-Hdw1X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdw1X2X | - |
| Dahuasecurity | Ipc-Hfw1X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hfw1X2X | - |
| Dahuasecurity | Ipc-Hdw2X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdw2X2X | - |
| Dahuasecurity | Ipc-Hfw2X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hfw2X2X | - |
| Dahuasecurity | Ipc-Hdw4X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdw4X2X | - |
| Dahuasecurity | Ipc-Hfw4X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hfw4X2X | - |
| Dahuasecurity | Ipc-Hdbw4X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdbw4X2X | - |
| Dahuasecurity | Ipc-Hdw5X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hdw5X2X | - |
| Dahuasecurity | Ipc-Hfw5X2X Firmware | < 2019-08-18 |
| Dahuasecurity | Ipc-Hfw5X2X | - |
References
- https://www.dahuasecurity.com/support/cybersecurity/details/637PatchVendor Advisory
- https://www.dahuasecurity.com/support/cybersecurity/details/637PatchVendor Advisory
FAQ
What is CVE-2019-9680?
CVE-2019-9680 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets. Affected products include: I...
How severe is CVE-2019-9680?
CVE-2019-9680 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-9680?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hdw1X2X Firmware, Dahuasecurity Ipc-Hdw1X2X, Dahuasecurity Ipc-Hfw1X2X Firmware, Dahuasecurity Ipc-Hfw1X2X, Dahuasecurity Ipc-Hdw2X2X Firmware.