CVE-2019-9681
First published: Tue Sep 17 2019(Updated: )
Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
Credit: cybersecurity@dahuatech.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahuasecurity Ipc-hdw1x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hdw1x2x | ||
| Dahuasecurity Ipc-hfw1x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hfw1x2x | ||
| Dahuasecurity Ipc-hdw2x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hdw2x2x | ||
| Dahuasecurity Ipc-hfw2x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hfw2x2x | ||
| Dahuasecurity Ipc-hdw4x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hdw4x2x | ||
| Dahuasecurity Ipc-hfw4x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hfw4x2x | ||
| Dahuasecurity Ipc-hdbw4x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hdbw4x2x | ||
| Dahuasecurity Ipc-hdw5x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hdw5x2x | ||
| Dahuasecurity Ipc-hfw5x2x Firmware | <2019-08-18 | |
| Dahuasecurity Ipc-hfw5x2x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-9681?
CVE-2019-9681 is a vulnerability in the firmware packages of Dahua products that allows attackers to obtain unencrypted online upgrade information.
Which products are affected by CVE-2019-9681?
The affected products include IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X, and IPC-HFW5X2X.
How severe is CVE-2019-9681?
CVE-2019-9681 has a severity rating of 5.3, which is considered medium.
How can attackers exploit CVE-2019-9681?
Attackers can exploit CVE-2019-9681 by analyzing vulnerable firmware packages to obtain unencrypted online upgrade information.
Is there a fix for CVE-2019-9681?
To fix CVE-2019-9681, it is recommended to update the firmware of the affected Dahua products to a version released after August 18, 2019.
- collector/nvd-index
- agent/references
- agent/tags
- agent/event
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/dahuasecurity
- canonical/dahuasecurity ipc-hdw1x2x firmware
- canonical/dahuasecurity ipc-hdw1x2x
- canonical/dahuasecurity ipc-hfw1x2x firmware
- canonical/dahuasecurity ipc-hfw1x2x
- canonical/dahuasecurity ipc-hdw2x2x firmware
- canonical/dahuasecurity ipc-hdw2x2x
- canonical/dahuasecurity ipc-hfw2x2x firmware
- canonical/dahuasecurity ipc-hfw2x2x
- canonical/dahuasecurity ipc-hdw4x2x firmware
- canonical/dahuasecurity ipc-hdw4x2x
- canonical/dahuasecurity ipc-hfw4x2x firmware
- canonical/dahuasecurity ipc-hfw4x2x
- canonical/dahuasecurity ipc-hdbw4x2x firmware
- canonical/dahuasecurity ipc-hdbw4x2x
- canonical/dahuasecurity ipc-hdw5x2x firmware
- canonical/dahuasecurity ipc-hdw5x2x
- canonical/dahuasecurity ipc-hfw5x2x firmware
- canonical/dahuasecurity ipc-hfw5x2x