Details of VAR-201906-0243

ID

VAR-201906-0243

CVE

CVE-2019-9676

TITLE

plural Dahua IP Camera Buffer error vulnerability in product devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-005507

DESCRIPTION

Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability. Dahua IPC-HFW1XXX , IPC-HDW1XXX , IPC-HFW2XXX The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaIPC-HFW1XXX and so on are all IP cameras from Dahua, China

Trust: 2.16

sources: NVD: CVE-2019-9676 // JVNDB: JVNDB-2019-005507 // CNVD: CNVD-2019-17496

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['camera device']	sub_category:	IP camera	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-17496

AFFECTED PRODUCTS

vendor:	dahuasecurity	model:	ipc-hfw1xxx	scope:	lt	version:	2018-11	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw1xxx	scope:	lt	version:	2018-11	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hfw2xxx	scope:	lt	version:	2018-11	Trust: 1.0
vendor:	dahua	model:	ipc-hdw1xxx	scope:	eq	version:	2018/11	Trust: 0.8
vendor:	dahua	model:	ipc-hfw1xxx	scope:	eq	version:	2018/11	Trust: 0.8
vendor:	dahua	model:	ipc-hfw2xxx	scope:	eq	version:	2018/11	Trust: 0.8
vendor:	dahua	model:	ipc-hdw1xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	ipc-hfw2xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	ipc-hfw1xxx	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-17496 // JVNDB: JVNDB-2019-005507 // NVD: CVE-2019-9676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-9676
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-9676
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-17496
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201906-556
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-9676
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-17496
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-9676
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-17496 // JVNDB: JVNDB-2019-005507 // CNNVD: CNNVD-201906-556 // NVD: CVE-2019-9676

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2019-005507 // NVD: CVE-2019-9676

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201906-556

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-556

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005507

PATCH

title:	Security Advisory - Buffer overflow vulnerability found in some Dahua IP Camera devices	url:	https://www.dahuasecurity.com/support/cybersecurity/details/617	Trust: 0.8
title:	Patch for DahuaIPC-HFW1XXX, IPC-HDW1XXX, and IPC-HFW2XXX Buffer Overflow Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/163559	Trust: 0.6
title:	Dahua IPC-HFW1XXX , IPC-HDW1XXX and IPC-HFW2XXX Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93789	Trust: 0.6

sources: CNVD: CNVD-2019-17496 // JVNDB: JVNDB-2019-005507 // CNNVD: CNNVD-201906-556

EXTERNAL IDS

db:	NVD	id:	CVE-2019-9676	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-005507	Trust: 0.8
db:	CNVD	id:	CNVD-2019-17496	Trust: 0.6
db:	CNNVD	id:	CNNVD-201906-556	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-17496 // JVNDB: JVNDB-2019-005507 // CNNVD: CNNVD-201906-556 // NVD: CVE-2019-9676

REFERENCES

url:	https://www.dahuasecurity.com/support/cybersecurity/details/617	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9676	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-9676	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-17496 // JVNDB: JVNDB-2019-005507 // CNNVD: CNNVD-201906-556 // NVD: CVE-2019-9676

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-17496
db:	JVNDB	id:	JVNDB-2019-005507
db:	CNNVD	id:	CNNVD-201906-556
db:	NVD	id:	CVE-2019-9676

LAST UPDATE DATE

2025-01-30T22:31:06.609000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-17496	date:	2019-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-005507	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201906-556	date:	2019-06-18T00:00:00
db:	NVD	id:	CVE-2019-9676	date:	2024-11-21T04:52:05.710

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-17496	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2019-005507	date:	2019-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201906-556	date:	2019-06-12T00:00:00
db:	NVD	id:	CVE-2019-9676	date:	2019-06-12T15:29:00.957