{"containers": {"cna": {"affected": [{"product": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X", "vendor": "Dahua Technology", "versions": [{"status": "affected", "version": "Versions which Build time before August 18 2019"}]}], "descriptions": [{"lang": "en", "value": "Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."}], "problemTypes": [{"descriptions": [{"description": "Privilege Escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-18T18:32:15", "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "shortName": "dahua"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@dahuatech.com", "ID": "CVE-2019-9679", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X", "version": {"version_data": [{"version_value": "Versions which Build time before August 18 2019"}]}}]}, "vendor_name": "Dahua Technology"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege Escalation"}]}]}, "references": {"reference_data": [{"name": "https://www.dahuasecurity.com/support/cybersecurity/details/637", "refsource": "CONFIRM", "url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"}]}}}}, "cveMetadata": {"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "assignerShortName": "dahua", "cveId": "CVE-2019-9679", "datePublished": "2019-09-18T18:32:15", "dateReserved": "2019-03-11T00:00:00", "dateUpdated": "2019-09-18T18:32:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw1x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6E2D121-6734-4A00-B591-823AE8E33130", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw1x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "DEAAFB9C-0BFE-413A-A13B-CB485FC82BF6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw1x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D31CD26D-5C5A-4A98-B515-58A26C120E50", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw1x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "528FE4A4-08D8-4A8F-8437-4606C769CC90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw2x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D99315-300F-4FD9-8161-13EACD2B66FC", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw2x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "23A12ECC-377E-48E3-9AD2-3296E9581D16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw2x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2561607-9770-4C23-89DD-50B487DA6CBE", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw2x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC3F17B6-FFF9-4118-A7A4-262D3D126953", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC4CEABA-35D5-4785-A8CA-7216F22A5012", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8460FAC-6AED-4D6F-A6DB-84A4CC278CA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D38C378-9D10-48A8-A8EE-FDBB9BE179CD", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "08277A58-AE74-43E3-BFD9-10ACFF3180D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC289503-8A59-42A5-97A8-932A1BDA4F00", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9CEDA2A-9E81-46B0-BCBE-CAAB7E050F44", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E56F8D5-66DA-4186-AF7E-F2691E4A68C3", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4A2CBF7-C132-4EC2-9243-9892784516C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x2x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD926583-99C6-4543-AAE5-CD0DFF0007C5", "versionEndExcluding": "2019-08-18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x2x:-:*:*:*:*:*:*:*", "matchCriteriaId": "7924CDDA-609E-4E9A-A8D7-5A5E2973394A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019."}, {"lang": "es", "value": "Algunas de las funciones de Depuraci\u00f3n de Dahua no poseen separaci\u00f3n de permisos. Usuarios poco privilegiados pueden usar la funci\u00f3n de Depuraci\u00f3n despu\u00e9s de iniciar sesi\u00f3n. Los productos afectados incluyen: IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDBW4X2X, IPC-HDBW4X2X, IPC-HDBW4X2X -HFW5X2X, para versiones cuyo tiempo de Compilaci\u00f3n es antes del 18 de agosto de 2019."}], "id": "CVE-2019-9679", "lastModified": "2019-09-19T16:08:30.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-18T19:15:11.533", "references": [{"source": "cybersecurity@dahuatech.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/637"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}