Vulnerabilites related to Amcrest - IP2M-841B
cve-2019-3948
Vulnerability from cvelistv5
Published
2019-07-29 21:47
Modified
2024-08-04 19:26
Severity ?
EPSS score ?
Summary
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Dahua IPC-XXBXX |
Version: V2.622.0000000.9.R |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/627?us"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dahua IPC-XXBXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.622.0000000.9.R"
}
]
},
{
"product": "Dahua IPC HX5X3X and HX4X3X",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.800.0000008.0.R"
}
]
},
{
"product": "Dahua DH-IPC HX883X and DH-IPC-HX863X",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.622.0000000.7.R"
}
]
},
{
"product": "Dahua DH-SD4XXXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.623.0000000.7.R"
}
]
},
{
"product": "Dahua DH-SD5XXXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.623.0000000.1.R"
}
]
},
{
"product": "Dahua DH-SD6XXXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V2.640.0000000.2.R and V2.623.0000000.1.R"
}
]
},
{
"product": "Dahua NVR5XX-4KS2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V3.216.0000006.0.R"
}
]
},
{
"product": "Dahua NVR4XXX-4KS2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V3.216.0000006.0.R and NVR2XXX-4KS2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 285 - Improper Access Control (Authorization)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-14T14:22:08",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/627?us"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dahua IPC-XXBXX",
"version": {
"version_data": [
{
"version_value": "V2.622.0000000.9.R"
}
]
}
},
{
"product_name": "Dahua IPC HX5X3X and HX4X3X",
"version": {
"version_data": [
{
"version_value": "V2.800.0000008.0.R"
}
]
}
},
{
"product_name": "Dahua DH-IPC HX883X and DH-IPC-HX863X",
"version": {
"version_data": [
{
"version_value": "V2.622.0000000.7.R"
}
]
}
},
{
"product_name": "Dahua DH-SD4XXXXX",
"version": {
"version_data": [
{
"version_value": "V2.623.0000000.7.R"
}
]
}
},
{
"product_name": "Dahua DH-SD5XXXXX",
"version": {
"version_data": [
{
"version_value": "V2.623.0000000.1.R"
}
]
}
},
{
"product_name": "Dahua DH-SD6XXXXX",
"version": {
"version_data": [
{
"version_value": "V2.640.0000000.2.R and V2.623.0000000.1.R"
}
]
}
},
{
"product_name": "Dahua NVR5XX-4KS2",
"version": {
"version_data": [
{
"version_value": "V3.216.0000006.0.R"
}
]
}
},
{
"product_name": "Dahua NVR4XXX-4KS2",
"version": {
"version_data": [
{
"version_value": "V3.216.0000006.0.R and NVR2XXX-4KS2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 285 - Improper Access Control (Authorization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-36",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-36"
},
{
"name": "http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html"
},
{
"name": "https://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf",
"refsource": "MISC",
"url": "https://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf"
},
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/627?us",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/627?us"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3948",
"datePublished": "2019-07-29T21:47:27",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:26:27.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-12984
Vulnerability from cvelistv5
Published
2024-12-27 14:31
Modified
2024-12-27 14:53
Severity ?
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.289377 | vdb-entry | |
| https://vuldb.com/?ctiid.289377 | signature, permissions-required | |
| https://vuldb.com/?submit.461109 | third-party-advisory | |
| https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4 | exploit |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Amcrest | IP2M-841B |
Version: 20241211 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12984",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-27T14:53:30.364152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T14:53:46.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "IP2M-841B",
"vendor": "Amcrest",
"versions": [
{
"status": "affected",
"version": "20241211"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "IP2M-841W",
"vendor": "Amcrest",
"versions": [
{
"status": "affected",
"version": "20241211"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "IPC-IP2M-841B",
"vendor": "Amcrest",
"versions": [
{
"status": "affected",
"version": "20241211"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "IPC-IP3M-943B",
"vendor": "Amcrest",
"versions": [
{
"status": "affected",
"version": "20241211"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "IPC-IP3M-943S",
"vendor": "Amcrest",
"versions": [
{
"status": "affected",
"version": "20241211"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "IPC-IP3M-HX2B",
"vendor": "Amcrest",
"versions": [
{
"status": "affected",
"version": "20241211"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "IPC-IPM-721S",
"vendor": "Amcrest",
"versions": [
{
"status": "affected",
"version": "20241211"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "netsecfish (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S bis 20241211 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /web_caps/webCapsConfig der Komponente Web Interface. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T14:31:05.483Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-289377 | Amcrest IP2M-841B Web Interface webCapsConfig information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.289377"
},
{
"name": "VDB-289377 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.289377"
},
{
"name": "Submit #461109 | Amcrest IP2M-841W, IPC-IP3M-HX2B, IPC-IP2M-841B, IPC-IPM-721S, IPC-IP3M-943B, IPC-IP3M-943S, IP2M-841B N/A Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.461109"
},
{
"tags": [
"exploit"
],
"url": "https://netsecfish.notion.site/AMCREST-IP-Camera-Information-Disclosure-1596b683e67c8045ad10c16b3eed456f?pvs=4"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-27T08:54:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "Amcrest IP2M-841B Web Interface webCapsConfig information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12984",
"datePublished": "2024-12-27T14:31:05.483Z",
"dateReserved": "2024-12-27T07:49:43.408Z",
"dateUpdated": "2024-12-27T14:53:46.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201907-0246
Vulnerability from variot
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device. Amcrest IP2M-841B IP Camera firmware Contains an authentication vulnerability.Information may be obtained. The Amcrest IP2M-841B is an IP camera from Amcrest
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0246",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip2m-841b",
"scope": "eq",
"trust": 1.8,
"vendor": "amcrest",
"version": "2.520.ac00.18.r"
},
{
"model": "ipc-xxbxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "dh-sd6xxxxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "nvr5xxx-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "dh-ipc-hx883x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "dh-ipc-hx863x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "dh-sd5xxxxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "ipc-hx4x3x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "nvr2xxx-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "ipc-hx5x3x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "nvr4xxx-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "dh-sd4xxxxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahua",
"version": "2018-05-18"
},
{
"model": "dh-ipc-hx863x",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hx883x",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd4xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd5xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd6xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx4x3x",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx5x3x",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-xxbxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr2xxx-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ip2m-841b 2.520.ac00.18.r",
"scope": null,
"trust": 0.6,
"vendor": "amcrest",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"db": "NVD",
"id": "CVE-2019-3948"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:amcrest:ip2m-841b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hx863x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hx883x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-sd4xxxxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-sd5xxxxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-sd6xxxxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hx4x3x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-hx5x3x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:ipc-xxbxx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:nvr2xxx-4ks2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1485"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3948",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-3948",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-25804",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-155383",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-3948",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3948",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3948",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-25804",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1485",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-155383",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-3948",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"db": "VULHUB",
"id": "VHN-155383"
},
{
"db": "VULMON",
"id": "CVE-2019-3948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1485"
},
{
"db": "NVD",
"id": "CVE-2019-3948"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device. Amcrest IP2M-841B IP Camera firmware Contains an authentication vulnerability.Information may be obtained. The Amcrest IP2M-841B is an IP camera from Amcrest",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"db": "VULHUB",
"id": "VHN-155383"
},
{
"db": "VULMON",
"id": "CVE-2019-3948"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47188",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3948"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3948",
"trust": 3.2
},
{
"db": "TENABLE",
"id": "TRA-2019-36",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "153813",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1485",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "47188",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-25804",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-155383",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-3948",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"db": "VULHUB",
"id": "VHN-155383"
},
{
"db": "VULMON",
"id": "CVE-2019-3948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1485"
},
{
"db": "NVD",
"id": "CVE-2019-3948"
}
]
},
"id": "VAR-201907-0246",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"db": "VULHUB",
"id": "VHN-155383"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25804"
}
]
},
"last_update_date": "2024-11-23T22:51:43.811000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IP2M-841B (Black)",
"trust": 0.8,
"url": "https://amcrest.com/amcrest-1080p-wifi-video-security-ip-camera-pt.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
},
{
"title": "AmcrestIP2M-841B authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/173073"
},
{
"title": "Amcrest IP2M-841B Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95601"
},
{
"title": "Goby",
"trust": 0.1,
"url": "https://github.com/retr0-13/Goby "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/20142995/Goby "
},
{
"title": "sec-daily-2019",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-daily-2019 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/trivial-bug-turns-home-security-cameras-into-listening-posts/146835/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"db": "VULMON",
"id": "CVE-2019-3948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1485"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155383"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"db": "NVD",
"id": "CVE-2019-3948"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://packetstormsecurity.com/files/153813/amcrest-cameras-2.520.ac00.18.r-unauthenticated-audio-streaming.html"
},
{
"trust": 2.6,
"url": "https://www.tenable.com/security/research/tra-2019-36"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3948"
},
{
"trust": 1.8,
"url": "https://us.dahuasecurity.com/wp-content/uploads/2019/08/cybersecurity_2019-08-02.pdf"
},
{
"trust": 1.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/627?us"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3948"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/47188"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/trivial-bug-turns-home-security-cameras-into-listening-posts/146835/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"db": "VULHUB",
"id": "VHN-155383"
},
{
"db": "VULMON",
"id": "CVE-2019-3948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1485"
},
{
"db": "NVD",
"id": "CVE-2019-3948"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"db": "VULHUB",
"id": "VHN-155383"
},
{
"db": "VULMON",
"id": "CVE-2019-3948"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1485"
},
{
"db": "NVD",
"id": "CVE-2019-3948"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"date": "2019-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-155383"
},
{
"date": "2019-07-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3948"
},
{
"date": "2019-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"date": "2019-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1485"
},
{
"date": "2019-07-29T22:15:12.253000",
"db": "NVD",
"id": "CVE-2019-3948"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25804"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-155383"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3948"
},
{
"date": "2019-08-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007425"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1485"
},
{
"date": "2024-11-21T04:42:55.520000",
"db": "NVD",
"id": "CVE-2019-3948"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1485"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Amcrest IP2M-841B IP Camera firmware Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007425"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1485"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2019-07-29 22:15
Modified
2024-11-21 04:42
Severity ?
Summary
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| amcrest | ip2m-841b_firmware | 2.520.ac00.18.r | |
| amcrest | ip2m-841b | - | |
| dahua | dh-ipc-hx863x | * | |
| dahua | dh-ipc-hx883x | * | |
| dahua | dh-sd4xxxxx | * | |
| dahua | dh-sd5xxxxx | * | |
| dahua | dh-sd6xxxxx | * | |
| dahua | ipc-hx4x3x | * | |
| dahua | ipc-hx5x3x | * | |
| dahua | ipc-xxbxx | * | |
| dahua | nvr2xxx-4ks2 | * | |
| dahua | nvr4xxx-4ks2 | * | |
| dahua | nvr5xxx-4ks2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:amcrest:ip2m-841b_firmware:2.520.ac00.18.r:*:*:*:*:*:*:*",
"matchCriteriaId": "227426AD-9C92-409F-B9F0-4ED65D1B1C8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:amcrest:ip2m-841b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "153619F4-378C-4584-BDBA-EA5CEC63133E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahua:dh-ipc-hx863x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F551EC96-4EB1-4CF0-AB88-7296268893E4",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:dh-ipc-hx883x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAB9E21-DFA5-4063-A756-12FB0B3C74F7",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:dh-sd4xxxxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3BE5E7B-328F-40E2-9C72-CA70E04CA121",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:dh-sd5xxxxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2940CE-D025-4F22-AE79-4658471D9C2B",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:dh-sd6xxxxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E73BBAB3-F5DE-4AF6-BD84-7D79CDE3A28F",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:ipc-hx4x3x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1331F66B-420A-4309-B489-58238D602796",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:ipc-hx5x3x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AED3D80-0BFF-4C09-8618-FA421713885D",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:ipc-xxbxx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "767BC11A-F349-4B9F-9868-A8C2DBDC209D",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:nvr2xxx-4ks2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E25D467-3BDE-4614-BB13-5ADD1E1FE750",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:nvr4xxx-4ks2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACE5670-C425-4AB6-8566-D732B069A33E",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dahua:nvr5xxx-4ks2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B39D29AC-C227-4210-8C10-C4B1FF525EEE",
"versionEndExcluding": "2018-05-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device."
},
{
"lang": "es",
"value": "El Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X y HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X y DH-IPC- HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R y V2.623.0000000.1 .R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R y NVR2XXX-4KS2 no requieren autenticaci\u00f3n para acceder al punto final HTTP / videotalk. Una persona remota no autenticada puede conectarse a este punto final y escuchar potencialmente el audio del dispositivo de captura."
}
],
"id": "CVE-2019-3948",
"lastModified": "2024-11-21T04:42:55.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-29T22:15:12.253",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html"
},
{
"source": "vulnreport@tenable.com",
"url": "https://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf"
},
{
"source": "vulnreport@tenable.com",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/627?us"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/627?us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-36"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}