CVE-2019-3948

Published Jul 29, 2019

Last updated 4 years ago

CVSS high 7.5

Overview

Description: The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.
Source: vulnreport@tenable.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:amcrest:ip2m-841b_firmware:2.520.ac00.18.r:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "227426AD-9C92-409F-B9F0-4ED65D1B1C8F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:amcrest:ip2m-841b:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "153619F4-378C-4584-BDBA-EA5CEC63133E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahua:dh-ipc-hx863x:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F551EC96-4EB1-4CF0-AB88-7296268893E4",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:dh-ipc-hx883x:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AAB9E21-DFA5-4063-A756-12FB0B3C74F7",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:dh-sd4xxxxx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3BE5E7B-328F-40E2-9C72-CA70E04CA121",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:dh-sd5xxxxx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B2940CE-D025-4F22-AE79-4658471D9C2B",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:dh-sd6xxxxx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E73BBAB3-F5DE-4AF6-BD84-7D79CDE3A28F",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:ipc-hx4x3x:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1331F66B-420A-4309-B489-58238D602796",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:ipc-hx5x3x:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AED3D80-0BFF-4C09-8618-FA421713885D",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:ipc-xxbxx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "767BC11A-F349-4B9F-9868-A8C2DBDC209D",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:nvr2xxx-4ks2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E25D467-3BDE-4614-BB13-5ADD1E1FE750",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:nvr4xxx-4ks2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ACE5670-C425-4AB6-8566-D732B069A33E",
            "versionEndExcluding": "2018-05-18"
          },
          {
            "criteria": "cpe:2.3:o:dahua:nvr5xxx-4ks2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B39D29AC-C227-4210-8C10-C4B1FF525EEE",
            "versionEndExcluding": "2018-05-18"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References