JVNVU#99607268: Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)
Published:2024/11/20  Last Updated:2024/11/20

JVNVU#99607268
Vulnerabilities in multiple Dahua Technology products (DHCC-SA-202407-001)

Overview

Dahua Technology has released a security update for its multiple products.

Products Affected

CVE-2024-39944

  • NVR4XXX, firmware versions with Build time before February 2nd of 2024
  • IPC-HX8XXX, firmware versions with Build time before February 2nd of 2024
CVE-2024-39945, CVE-2024-39946, CVE-2024-39947, CVE-2024-39948, CVE-2024-39949
  • NVR4XXX, firmware versions with Build time before December 13th of 2023
CVE-2024-39950
  • NVR4XXX, firmware versions with Build time before January 22nd of 2024
  • IPC-HX8XXX, firmware versions with Build time before January 22nd of 2024

Description

Dahua Technology has released a security update for its multiple products.

Impact

The preconditions and the impacts vary depending on the vulnerabilities, but crafted data packets may cause a crash or device initialization.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

SAXA, Inc. reported this information to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with SAXA, Inc. and Dahua Technology Co., Ltd to publish this JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia