JVNVU#99607268: Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)

Overview

Dahua Technology has released a security update for its multiple products.

Products Affected

CVE-2024-39944

NVR4XXX, firmware versions with Build time before February 2nd of 2024
IPC-HX8XXX, firmware versions with Build time before February 2nd of 2024

CVE-2024-39945, CVE-2024-39946, CVE-2024-39947, CVE-2024-39948, CVE-2024-39949

NVR4XXX, firmware versions with Build time before December 13th of 2023

CVE-2024-39950

NVR4XXX, firmware versions with Build time before January 22nd of 2024
IPC-HX8XXX, firmware versions with Build time before January 22nd of 2024

Description

Dahua Technology has released a security update for its multiple products.

Impact

The preconditions and the impacts vary depending on the vulnerabilities, but crafted data packets may cause a crash or device initialization.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Link
Dahua Technology	DHCC-SA-202407-001: Vulnerabilities found in some Dahua products

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

SAXA, Inc. reported this information to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with SAXA, Inc. and Dahua Technology Co., Ltd to publish this JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#99607268 Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)