CVE-2019-3948

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
tenableCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
amcrestip2m-841b_firmware
2.520.ac00.18.r:ac00.18
dahuadh-ipc-hx863x
𝑥
< 2018-05-18
dahuadh-ipc-hx883x
𝑥
< 2018-05-18
dahuadh-sd4xxxxx
𝑥
< 2018-05-18
dahuadh-sd5xxxxx
𝑥
< 2018-05-18
dahuadh-sd6xxxxx
𝑥
< 2018-05-18
dahuaipc-hx4x3x
𝑥
< 2018-05-18
dahuaipc-hx5x3x
𝑥
< 2018-05-18
dahuaipc-xxbxx
𝑥
< 2018-05-18
dahuanvr2xxx-4ks2
𝑥
< 2018-05-18
dahuanvr4xxx-4ks2
𝑥
< 2018-05-18
dahuanvr5xxx-4ks2
𝑥
< 2018-05-18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html
https://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf
https://www.dahuasecurity.com/support/cybersecurity/details/627?us
https://www.tenable.com/security/research/tra-2019-36
http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html
https://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdf
https://www.dahuasecurity.com/support/cybersecurity/details/627?us
https://www.tenable.com/security/research/tra-2019-36