CVE-2019-9681 — MEDIUM (5.3)

Q: How severe is CVE-2019-9681?

CVE-2019-9681 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-9681?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hdw1X2X Firmware, Dahuasecurity Ipc-Hdw1X2X, Dahuasecurity Ipc-Hfw1X2X Firmware, Dahuasecurity Ipc-Hfw1X2X, Dahuasecurity Ipc-Hdw2X2X Firmware.

Vulnerability Description

Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dahuasecurity	Ipc-Hdw1X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hdw1X2X	-
Dahuasecurity	Ipc-Hfw1X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hfw1X2X	-
Dahuasecurity	Ipc-Hdw2X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hdw2X2X	-
Dahuasecurity	Ipc-Hfw2X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hfw2X2X	-
Dahuasecurity	Ipc-Hdw4X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hdw4X2X	-
Dahuasecurity	Ipc-Hfw4X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hfw4X2X	-
Dahuasecurity	Ipc-Hdbw4X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hdbw4X2X	-
Dahuasecurity	Ipc-Hdw5X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hdw5X2X	-
Dahuasecurity	Ipc-Hfw5X2X Firmware	< 2019-08-18
Dahuasecurity	Ipc-Hfw5X2X	-

Related Weaknesses (CWE)

CWE-311

References

https://www.dahuasecurity.com/support/cybersecurity/details/637PatchVendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/637PatchVendor Advisory

FAQ

What is CVE-2019-9681?

CVE-2019-9681 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products inclu...

How severe is CVE-2019-9681?

CVE-2019-9681 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9681?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hdw1X2X Firmware, Dahuasecurity Ipc-Hdw1X2X, Dahuasecurity Ipc-Hfw1X2X Firmware, Dahuasecurity Ipc-Hfw1X2X, Dahuasecurity Ipc-Hdw2X2X Firmware.