Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for nvr4104-p-4ks2\/l_firmware by dahuasecurity
CVE-2024-39950 (GCVE-0-2024-39950)
Vulnerability from nvd – Published: 2024-07-31 03:45 – Updated: 2025-09-30 03:39
VLAI?
Summary
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.
Severity ?
8.6 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua | NVR4XXX and IPC-HX8XXX |
Affected:
NVR4XXX and IPC-HX8XXX Versions which Build time before 2024/1/22
|
Date Public ?
2024-07-31 03:42
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4832-i",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hf8xxx_firmware",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hfw8xxx",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:04:00.945009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:12:46.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX and IPC-HX8XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX and IPC-HX8XXX Versions which Build time\u00a0before 2024/1/22"
}
]
}
],
"datePublic": "2024-07-31T03:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization."
}
],
"value": "A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:39:46.118Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39950",
"datePublished": "2024-07-31T03:45:12.977Z",
"dateReserved": "2024-07-05T03:08:11.185Z",
"dateUpdated": "2025-09-30T03:39:46.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39949 (GCVE-0-2024-39949)
Vulnerability from nvd – Published: 2024-07-31 03:42 – Updated: 2025-09-30 03:36
VLAI?
Summary
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
Date Public ?
2024-07-31 03:40
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4xxx_firmware",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2023.12.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:00:04.189477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:54:08.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time before 2023/12/13"
}
]
}
],
"datePublic": "2024-07-31T03:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAttackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:36:51.320Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39949",
"datePublished": "2024-07-31T03:42:39.981Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2025-09-30T03:36:51.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39948 (GCVE-0-2024-39948)
Vulnerability from nvd – Published: 2024-07-31 03:40 – Updated: 2025-09-30 03:36
VLAI?
Summary
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Date Public ?
2024-07-31 03:40
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4832-i",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2023.12.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:03:32.189886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:54:11.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time\u00a0before 2023/12/13"
}
]
}
],
"datePublic": "2024-07-31T03:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAttackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:36:16.235Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39948",
"datePublished": "2024-07-31T03:40:29.258Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2025-09-30T03:36:16.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39947 (GCVE-0-2024-39947)
Vulnerability from nvd – Published: 2024-07-31 03:22 – Updated: 2024-10-27 21:48
VLAI?
Summary
A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
Date Public ?
2024-07-31 03:20
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:03:05.223907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:48:18.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time before 2023/12/13"
}
]
}
],
"datePublic": "2024-07-31T03:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.After obtaining the ordinary user\u0027s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash."
}
],
"value": "A vulnerability has been found in Dahua products.After obtaining the ordinary user\u0027s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T03:25:09.750Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39947",
"datePublished": "2024-07-31T03:22:09.786Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2024-10-27T21:48:18.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39946 (GCVE-0-2024-39946)
Vulnerability from nvd – Published: 2024-07-31 03:20 – Updated: 2024-10-27 21:49
VLAI?
Summary
A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.
Severity ?
6 (Medium)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:02:42.521850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:49:19.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time before 2023/12/13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.After obtaining the administrator\u0027s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization."
}
],
"value": "A vulnerability has been found in Dahua products.After obtaining the administrator\u0027s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T03:24:48.947Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39946",
"datePublished": "2024-07-31T03:20:01.329Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2024-10-27T21:49:19.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39945 (GCVE-0-2024-39945)
Vulnerability from nvd – Published: 2024-07-31 03:16 – Updated: 2025-03-27 15:26
VLAI?
Summary
A vulnerability has been found in Dahua products. After
obtaining the administrator's username and password, the attacker can send a
carefully crafted data packet to the interface with vulnerabilities, causing
the device to crash.
Severity ?
4.9 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
Date Public ?
2024-07-31 03:16
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:25:00.427486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:26:10.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time before 2023/12/13"
}
]
}
],
"datePublic": "2024-07-31T03:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\u0026nbsp;\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAfter\nobtaining the administrator\u0027s username and password, the attacker can send a\ncarefully crafted data packet to the interface with vulnerabilities, causing\nthe device to crash.\u003c/span\u003e"
}
],
"value": "A vulnerability has been found in Dahua products.\u00a0\u00a0After\nobtaining the administrator\u0027s username and password, the attacker can send a\ncarefully crafted data packet to the interface with vulnerabilities, causing\nthe device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T03:24:28.876Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39945",
"datePublished": "2024-07-31T03:16:31.944Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2025-03-27T15:26:10.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39944 (GCVE-0-2024-39944)
Vulnerability from nvd – Published: 2024-07-31 03:13 – Updated: 2025-09-30 03:33
VLAI?
Summary
A vulnerability has been found in Dahua products.Attackers
can send carefully crafted data packets to the interface with vulnerabilities,
causing the device to crash.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua | IPC-HX8XXX and NVR4XXX |
Affected:
IPC-HX8XXX and NVR4XXX Versions which Build time before 2024/2/2
|
Date Public ?
2024-07-31 03:09
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4832-i",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hf8xxx_firmware",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hfw8xxx",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:24:11.982486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:10:56.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC-HX8XXX and NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "IPC-HX8XXX and NVR4XXX Versions which Build time before 2024/2/2"
}
]
}
],
"datePublic": "2024-07-31T03:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003eA vulnerability has been found in Dahua products.Attackers\ncan send carefully crafted data packets to the interface with vulnerabilities,\ncausing the device to crash.\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "A vulnerability has been found in Dahua products.Attackers\ncan send carefully crafted data packets to the interface with vulnerabilities,\ncausing the device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:33:00.394Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39944",
"datePublished": "2024-07-31T03:13:03.509Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2025-09-30T03:33:00.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39950 (GCVE-0-2024-39950)
Vulnerability from cvelistv5 – Published: 2024-07-31 03:45 – Updated: 2025-09-30 03:39
VLAI?
Summary
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.
Severity ?
8.6 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua | NVR4XXX and IPC-HX8XXX |
Affected:
NVR4XXX and IPC-HX8XXX Versions which Build time before 2024/1/22
|
Date Public ?
2024-07-31 03:42
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4832-i",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hf8xxx_firmware",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hfw8xxx",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:04:00.945009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:12:46.084Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX and IPC-HX8XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX and IPC-HX8XXX Versions which Build time\u00a0before 2024/1/22"
}
]
}
],
"datePublic": "2024-07-31T03:42:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization."
}
],
"value": "A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:39:46.118Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39950",
"datePublished": "2024-07-31T03:45:12.977Z",
"dateReserved": "2024-07-05T03:08:11.185Z",
"dateUpdated": "2025-09-30T03:39:46.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39949 (GCVE-0-2024-39949)
Vulnerability from cvelistv5 – Published: 2024-07-31 03:42 – Updated: 2025-09-30 03:36
VLAI?
Summary
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
Date Public ?
2024-07-31 03:40
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4xxx_firmware",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2023.12.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:00:04.189477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:54:08.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time before 2023/12/13"
}
]
}
],
"datePublic": "2024-07-31T03:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAttackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:36:51.320Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39949",
"datePublished": "2024-07-31T03:42:39.981Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2025-09-30T03:36:51.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39948 (GCVE-0-2024-39948)
Vulnerability from cvelistv5 – Published: 2024-07-31 03:40 – Updated: 2025-09-30 03:36
VLAI?
Summary
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Date Public ?
2024-07-31 03:40
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4832-i",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2023.12.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:03:32.189886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:54:11.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time\u00a0before 2023/12/13"
}
]
}
],
"datePublic": "2024-07-31T03:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAttackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability has been found in Dahua products.\u00a0Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:36:16.235Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39948",
"datePublished": "2024-07-31T03:40:29.258Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2025-09-30T03:36:16.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39947 (GCVE-0-2024-39947)
Vulnerability from cvelistv5 – Published: 2024-07-31 03:22 – Updated: 2024-10-27 21:48
VLAI?
Summary
A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.
Severity ?
6.5 (Medium)
Assigner
References
Impacted products
Date Public ?
2024-07-31 03:20
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:03:05.223907Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:48:18.607Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time before 2023/12/13"
}
]
}
],
"datePublic": "2024-07-31T03:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.After obtaining the ordinary user\u0027s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash."
}
],
"value": "A vulnerability has been found in Dahua products.After obtaining the ordinary user\u0027s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T03:25:09.750Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39947",
"datePublished": "2024-07-31T03:22:09.786Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2024-10-27T21:48:18.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39946 (GCVE-0-2024-39946)
Vulnerability from cvelistv5 – Published: 2024-07-31 03:20 – Updated: 2024-10-27 21:49
VLAI?
Summary
A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.
Severity ?
6 (Medium)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:02:42.521850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:49:19.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time before 2023/12/13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.After obtaining the administrator\u0027s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization."
}
],
"value": "A vulnerability has been found in Dahua products.After obtaining the administrator\u0027s username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T03:24:48.947Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39946",
"datePublished": "2024-07-31T03:20:01.329Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2024-10-27T21:49:19.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39945 (GCVE-0-2024-39945)
Vulnerability from cvelistv5 – Published: 2024-07-31 03:16 – Updated: 2025-03-27 15:26
VLAI?
Summary
A vulnerability has been found in Dahua products. After
obtaining the administrator's username and password, the attacker can send a
carefully crafted data packet to the interface with vulnerabilities, causing
the device to crash.
Severity ?
4.9 (Medium)
CWE
- CWE-703 - Improper Check or Handling of Exceptional Conditions
Assigner
References
Impacted products
Date Public ?
2024-07-31 03:16
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:25:00.427486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:26:10.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "NVR4XXX Versions which Build time before 2023/12/13"
}
]
}
],
"datePublic": "2024-07-31T03:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\u0026nbsp;\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eAfter\nobtaining the administrator\u0027s username and password, the attacker can send a\ncarefully crafted data packet to the interface with vulnerabilities, causing\nthe device to crash.\u003c/span\u003e"
}
],
"value": "A vulnerability has been found in Dahua products.\u00a0\u00a0After\nobtaining the administrator\u0027s username and password, the attacker can send a\ncarefully crafted data packet to the interface with vulnerabilities, causing\nthe device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T03:24:28.876Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39945",
"datePublished": "2024-07-31T03:16:31.944Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2025-03-27T15:26:10.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39944 (GCVE-0-2024-39944)
Vulnerability from cvelistv5 – Published: 2024-07-31 03:13 – Updated: 2025-09-30 03:33
VLAI?
Summary
A vulnerability has been found in Dahua products.Attackers
can send carefully crafted data packets to the interface with vulnerabilities,
causing the device to crash.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua | IPC-HX8XXX and NVR4XXX |
Affected:
IPC-HX8XXX and NVR4XXX Versions which Build time before 2024/2/2
|
Date Public ?
2024-07-31 03:09
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:dahuasecurity:nvr4216-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4416-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4432-i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4816-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-16p-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-4ks2\\/i:-:*:*:*:*:*:*:*",
"cpe:2.3:h:dahuasecurity:nvr4832-i:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nvr4832-i",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hf8xxx_firmware",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipc-hfw8xxx",
"vendor": "dahuasecurity",
"versions": [
{
"lessThan": "2024.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:24:11.982486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:10:56.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC-HX8XXX and NVR4XXX",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "IPC-HX8XXX and NVR4XXX Versions which Build time before 2024/2/2"
}
]
}
],
"datePublic": "2024-07-31T03:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: var(--wht);\"\u003eA vulnerability has been found in Dahua products.Attackers\ncan send carefully crafted data packets to the interface with vulnerabilities,\ncausing the device to crash.\u003c/span\u003e\u003cbr\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "A vulnerability has been found in Dahua products.Attackers\ncan send carefully crafted data packets to the interface with vulnerabilities,\ncausing the device to crash."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T03:33:00.394Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2024-39944",
"datePublished": "2024-07-31T03:13:03.509Z",
"dateReserved": "2024-07-05T03:08:11.184Z",
"dateUpdated": "2025-09-30T03:33:00.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}