HIGH · 8.1

CVE-2019-9682

Vulnerability Description

Dahua devices with a build time before December 2019 use the strong security login mode by default, but to stay compatible with the normal login of early devices, some devices retain a weak security login mode that users can control. If the user uses the weak security login method, an attacker who can monitor the device's network can intercept network packets and use them to attack the device. Users are therefore advised to disable this login method.

CVSS Score

8.1

HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor         Product                  Versions
Dahuasecurity  Sd6Al Firmware           < 2019-12
Dahuasecurity  Sd6Al                    -
Dahuasecurity  Sd5A Firmware            < 2019-12
Dahuasecurity  Sd5A                     -
Dahuasecurity  Sd1A Firmware            < 2019-12
Dahuasecurity  Sd1A                     -
Dahuasecurity  Ptz1A Firmware           < 2019-12
Dahuasecurity  Ptz1A                    -
Dahuasecurity  Sd50 Firmware            < 2019-12
Dahuasecurity  Sd50                     -
Dahuasecurity  Sd52C Firmware           < 2019-12
Dahuasecurity  Sd52C                    -
Dahuasecurity  Ipc-Hx5842H Firmware     < 2019-12
Dahuasecurity  Ipc-Hx5842H              -
Dahuasecurity  Ipc-Hx7842H Firmware     < 2019-12
Dahuasecurity  Ipc-Hx7842H              -
Dahuasecurity  Ipc-Hx2Xxx Firmware      < 2019-12
Dahuasecurity  Ipc-Hx2Xxx               -
Dahuasecurity  Ipc-Hxxx5X4X Firmware    < 2019-12
Dahuasecurity  Ipc-Hxxx5X4X             -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-9682?

CVE-2019-9682 is a vulnerability with a CVSS score of 8.1 (HIGH). Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak securit...

How severe is CVE-2019-9682?

CVE-2019-9682 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9682?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Sd6Al Firmware, Dahuasecurity Sd6Al, Dahuasecurity Sd5A Firmware, Dahuasecurity Sd5A, Dahuasecurity Sd1A Firmware.