high
7.5
CWE
20
Advisory Published
Updated

CVE-2024-39948: Input Validation

First published: Wed Jul 31 2024(Updated: )

A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

Credit: cybersecurity@dahuatech.com

Affected SoftwareAffected VersionHow to fix
All of
Dahuasecurity Nvr4104-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahuasecurity NVR4104-4KS2/L
All of
Dahua Security NVR4108-4KS2/L Firmware=4.003.0000000.1.r.240515
Dahuasecurity Nvr4108-4ks2/l
All of
Dahua Security NVR4116-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4116-4KS2/L Firmware
All of
Dahuasecurity Nvr4104-p-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4104-P-4KS2/L
All of
Dahuasecurity NVR4108-P-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahuasecurity NVR4108-P-4KS2/L Firmware
All of
Dahuasecurity Nvr4108-8p-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahuasecurity Nvr4108-8p-4ks2/l
All of
Dahuasecurity Nvr4116-8p-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4116-8P-4KS2/L
All of
Dahuasecurity Nvr4104hs-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4104HS-4KS2/L
All of
Dahua Security NVR4108HS-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahuasecurity Nvr4108hs-4ks2/l
All of
Dahua Security NVR4104HS-P-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4104HS-P-4KS2/L
All of
Dahuasecurity Nvr4108hs-p-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahua NVR4108HS-P-4KS2/L
All of
Dahuasecurity NVR4108HS-8P-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahuasecurity Nvr4108hs-8p-4ks2/l
All of
Dahua Technology NVR4116HS-8P-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahuasecurity NVR4116HS-8P-4KS2/L
All of
Dahuasecurity NVR4204-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahuasecurity NVR4204-4KS2/L
All of
Dahuasecurity Nvr4208-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4208-4KS2/L
All of
Dahua Security NVR4216-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahua NVR4216-4KS2/L
All of
Dahuasecurity Nvr4204-p-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahuasecurity NVR4204-P-4KS2/L
All of
Dahuasecurity Nvr4208-8p-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4208-8P-4KS2/L
All of
Dahuasecurity NVR4216-16P-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4216-16P-4KS2/L
All of
Dahuasecurity Nvr4232-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahuasecurity NVR4232-4KS2/L
All of
Dahua Security NVR4232-16P-4KS2/L Firmware<4.003.0000000.1.r.240515
Dahuasecurity NVR4232-16P-4KS2/L
All of
Dahuasecurity Nvr4116hs-4ks2/l Firmware<4.003.0000000.1.r.240515
Dahua Security NVR4116HS-4KS2/L
All of
Dahuasecurity NVR4416-4KS2/i Firmware<4.001.0000001.6.r.240725
Dahua NVR4416-4KS2/i
All of
Dahuasecurity NVR4416-16P-4KS2/i Firmware<4.001.0000001.6.r.240725
Dahua NVR4416-16P-4KS2/i
All of
Dahuasecurity Nvr4432-16p-4ks2/i Firmware<4.001.0000001.6.r.240725
Dahua Security NVR4432-16P-4KS2/i
All of
Dahuasecurity Nvr4816-4ks2/i Firmware<4.001.0000001.6.r.240725
Dahuasecurity Nvr4816-4ks2/i
All of
Dahuasecurity Nvr4816-16p-4ks2/i Firmware<4.001.0000001.6.r.240725
Dahuasecurity Nvr4816-16p-4ks2/i
All of
Dahuasecurity Nvr4832-4ks2/i Firmware<4.001.0000001.6.r.240725
Dahuasecurity Nvr4832-4ks2/i
All of
Dahuasecurity NVR4832-16P-4KS2/I Firmware<4.001.0000001.6.r.240725
Dahua NVR4832-16P-4KS2/I
All of
Dahua NVR4432-4KS2/I Firmware<4.001.0000001.6.r.240725
Dahuasecurity NVR4432-4KS2/i
All of
Dahuasecurity NVR4232-4KS3 Firmware<4.003.0000000.0.r.240312
Dahuasecurity Nvr4232-4ks3 Firmware
All of
Dahuasecurity NVR4232-16P-4KS3<4.003.0000000.0.r.240312
Dahuasecurity NVR4232-16P-4KS3
All of
Dahua Security NVR4216-4KS3<4.003.0000000.0.r.240312
Dahua Security NVR4216-4KS3
All of
Dahuasecurity NVR4216-16P-4KS3<4.003.0000000.0.r.240312
Dahuasecurity NVR4216-16P-4KS3 Firmware
All of
Dahuasecurity Nvr4208-8p-4ks3 Firmware<4.003.0000000.0.r.240312
Dahua Security NVR4208-8P-4KS3
All of
Dahuasecurity Nvr4208-4ks3 Firmware<4.003.0000000.0.r.240312
Dahua Security NVR4208-4KS3
All of
Dahua NVR4204-P-4KS3 Firmware<4.003.0000000.0.r.240312
Dahua NVR4204-P-4KS3 Firmware
All of
Dahuasecurity Nvr4204-4ks3 Firmware<4.003.0000000.0.r.240312
Dahua Security NVR4204-4KS3
All of
Dahua Security NVR4116HS-8P-4KS3<4.003.0000000.0.r.240312
Dahua Security NVR4116HS-8P-4KS3
All of
Dahua Security NVR4116HS-4KS3 Firmware<4.003.0000000.0.r.240312
Dahua Security NVR4116HS-4KS3
All of
Dahua NVR4108HS-4KS3<4.003.0000000.0.r.240312
Dahuasecurity Nvr4108hs-p-4ks3 Firmware
All of
Dahuasecurity Nvr4108hs-8p-4ks3 Firmware<4.003.0000000.0.r.240312
Dahuasecurity Nvr4108hs-8p-4ks3 Firmware
All of
Dahuasecurity Nvr4108hs-4ks3(960g) Firmware<4.003.0000000.0.r.240312
Dahuasecurity NVR4108HS-4KS3 (960G) Firmware
All of
Dahua Security NVR4104HS-P-4KS3 (960G)<4.003.0000000.0.r.240312
Dahua Security NVR4104HS-P-4KS3
All of
Dahuasecurity Nvr4104hs-4ks3(960g) Firmware<4.003.0000000.0.r.240312
Dahua NVR4104HS-4KS3
All of
Dahua Security NVR4116-8P-4KS3 Firmware<4.003.0000000.0.r.240312
Dahua Security NVR4116-8P-4KS3
All of
Dahuasecurity NVR4116-4KS3 Firmware<4.003.0000000.0.r.240312
Dahuasecurity Nvr4116-4ks3 Firmware
All of
Dahuasecurity NVR4108-P-4KS3 Firmware<4.003.0000000.0.r.240312
Dahuasecurity NVR4108-8P-4KS3
All of
Dahuasecurity Nvr4104-4ks3<4.003.0000000.0.r.240312
Dahua NVR4104-4KS3
All of
Dahuasecurity NVR4108-8P-4KS3<4.003.0000000.0.r.240312
Dahuasecurity NVR4108-8P-4KS3
All of
Dahua Technology NVR4108-4KS3 Firmware<4.003.0000000.0.r.240312
Dahua Technology NVR4108-4KS3 Firmware
All of
Dahua Security NVR4104HS-P-4KS3 Firmware<4.003.0000000.0.r.240312
Dahuasecurity Nvr4104-p-4ks3 Firmware
All of
Dahuasecurity Nvr4104hs-p-4ks3(960g) Firmware<4.003.0000000.0.r.240312
Dahua Security NVR4104HS-P-4KS3 (960G)
All of
Dahuasecurity Nvr4104hs-4ks3(960g) Firmware<4.003.0000000.0.r.240312
Dahuasecurity NVR4104HS-4KS3 (960G)
All of
Dahuasecurity Nvr4108hs-4ks3(960g) Firmware<4.003.0000000.0.r.240312
Dahua NVR4108HS-4KS3(960G)
All of
Dahuasecurity Nvr4104-p-4ks3 Firmware<4.003.0000000.0.r.240312
Dahua Security NVR4104-P-4KS3 (960G)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-39948?

    The vulnerability CVE-2024-39948 is classified as critical due to the potential for device crashes caused by specially crafted data packets.

  • How do I fix CVE-2024-39948?

    To mitigate CVE-2024-39948, update the affected Dahua devices to the latest firmware version provided by the manufacturer.

  • Which Dahua products are affected by CVE-2024-39948?

    CVE-2024-39948 affects multiple Dahua NVR models, including NVR4104-4KS2/L and NVR4116-4KS2/L, specifically those running firmware versions prior to 4.003.0000000.1.r.240515.

  • Can CVE-2024-39948 be exploited remotely?

    Yes, CVE-2024-39948 can be exploited remotely without the need for physical access to the device.

  • What symptoms indicate a system affected by CVE-2024-39948?

    Devices affected by CVE-2024-39948 may experience unexpected crashes or reboots when vulnerable data packets are sent to them.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203