Published:2024/11/20 Last Updated:2024/11/29
JVNVU#99607268
Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)
Overview
Dahua Technology has released a security update for its multiple products.
Products Affected
CVE-2024-39944
- NVR4XXX, firmware versions with Build time before February 2nd of 2024
- IPC-HX8XXX, firmware versions with Build time before February 2nd of 2024
- NVR4XXX, firmware versions with Build time before December 13th of 2023
- NVR4XXX, firmware versions with Build time before January 22nd of 2024
- IPC-HX8XXX, firmware versions with Build time before January 22nd of 2024
Description
Dahua Technology has released a security update for its multiple products.
Impact
The preconditions and the impacts vary depending on the vulnerabilities, but crafted data packets may cause a crash or device initialization.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
SAXA, Inc. | Vulnerable | 2024/11/29 |
Vendor | Link |
Dahua Technology | DHCC-SA-202407-001: Vulnerabilities found in some Dahua products |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
SAXA, Inc. reported this information to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with SAXA, Inc. and Dahua Technology Co., Ltd to publish this JVN.
Update History
- 2024/11/29
- SAXA, Inc. update status