JVNVU#99607268: Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)

Overview

Dahua Technology has released a security update for its multiple products.

Products Affected

CVE-2024-39944

NVR4XXX, firmware versions with Build time before February 2nd of 2024
IPC-HX8XXX, firmware versions with Build time before February 2nd of 2024

CVE-2024-39945, CVE-2024-39946, CVE-2024-39947, CVE-2024-39948, CVE-2024-39949

NVR4XXX, firmware versions with Build time before December 13th of 2023

CVE-2024-39950

NVR4XXX, firmware versions with Build time before January 22nd of 2024
IPC-HX8XXX, firmware versions with Build time before January 22nd of 2024

Description

Dahua Technology has released a security update for its multiple products.

Impact

The preconditions and the impacts vary depending on the vulnerabilities, but crafted data packets may cause a crash or device initialization.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Status	Last Update	Vendor Notes
SAXA, Inc.	Vulnerable	2024/11/29

Vendor	Link
Dahua Technology	DHCC-SA-202407-001: Vulnerabilities found in some Dahua products

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

SAXA, Inc. reported this information to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with SAXA, Inc. and Dahua Technology Co., Ltd to publish this JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

Update History

2024/11/29: SAXA, Inc. update status

JVNVU#99607268 Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)