CVE-2019-9676

by adidionxlm

Abstract Advisory Information

A buffer overflow vulnerability was found in some Dahua IP camera devices.
This buffer overflow allows control of the execution flow and could be used to perform illegitimate code execution.

Authors: Jean-Marie Bourbon

Version affected

Products DH-IPC-HFW1XXX, IPC-HFW2XXX and IPC-HDW1XXX with firmware builds before November 2018.

Common Vulnerability Scoring System

7.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Patches

Updated firmware is available at https://www.dahuasecurity.com/support/downloadCenter/firmware?id=111

References

https://www.dahuasecurity.com/support/cybersecurity/details/617

Vulnerability Disclosure Timeline

  • 25-02-2019: Vulnerability identification
  • 01-03-2019: First Contact to Vendor
  • 05-03-2019: Acknowledgement from Vendor
  • 11-04-2019: CVE-ID assigned by Vendor
  • 31-05-2019: Vendor announces disclosure for June 10th
  • 10-06-2019: Public disclosure