CVE-2019-3948
Summary
| CVE | CVE-2019-3948 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-07-29 22:15:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Amcrest | Ip2m-841b | - | All | All | All |
| Hardware | Amcrest | Ip2m-841b | - | All | All | All |
| Operating System | Amcrest | Ip2m-841b Firmware | 2.520.ac00.18.r | All | All | All |
| Operating System | Amcrest | Ip2m-841b Firmware | 2.520.ac00.18.r | All | All | All |
| Operating System | Dahua | Dh-ipc-hx863x | All | All | All | All |
| Operating System | Dahua | Dh-ipc-hx863x | All | All | All | All |
| Operating System | Dahua | Dh-ipc-hx883x | All | All | All | All |
| Operating System | Dahua | Dh-ipc-hx883x | All | All | All | All |
| Operating System | Dahua | Dh-sd4xxxxx | All | All | All | All |
| Operating System | Dahua | Dh-sd4xxxxx | All | All | All | All |
| Operating System | Dahua | Dh-sd5xxxxx | All | All | All | All |
| Operating System | Dahua | Dh-sd5xxxxx | All | All | All | All |
| Operating System | Dahua | Dh-sd6xxxxx | All | All | All | All |
| Operating System | Dahua | Dh-sd6xxxxx | All | All | All | All |
| Operating System | Dahua | Ipc-hx4x3x | All | All | All | All |
| Operating System | Dahua | Ipc-hx4x3x | All | All | All | All |
| Operating System | Dahua | Ipc-hx5x3x | All | All | All | All |
| Operating System | Dahua | Ipc-hx5x3x | All | All | All | All |
| Operating System | Dahua | Ipc-xxbxx | All | All | All | All |
| Operating System | Dahua | Ipc-xxbxx | All | All | All | All |
| Operating System | Dahua | Nvr2xxx-4ks2 | All | All | All | All |
| Operating System | Dahua | Nvr2xxx-4ks2 | All | All | All | All |
| Operating System | Dahua | Nvr4xxx-4ks2 | All | All | All | All |
| Operating System | Dahua | Nvr4xxx-4ks2 | All | All | All | All |
| Operating System | Dahua | Nvr5xxx-4ks2 | All | All | All | All |
| Operating System | Dahua | Nvr5xxx-4ks2 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Amcrest Cameras 2.520.AC00.18.R Unauthenticated Audio Streaming ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| Security Advisory - VideoTalk function of some Dahua products have security risks | MISC | www.dahuasecurity.com | |
| us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf | MISC | us.dahuasecurity.com | |
| Amcrest IP Camera Multiple Vulnerabilities - Research Advisory | Tenable® | MISC | www.tenable.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.