Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2019-3948

Disclosure Date: July 29, 2019
CVE-2019-3948
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Dahua IPC-XXBXX V2.622.0000000.9.R
Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R
Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R
Dahua DH-SD4XXXXX V2.623.0000000.7.R
Dahua DH-SD5XXXXX V2.623.0000000.1.R
Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R
Dahua NVR5XX-4KS2 V3.216.0000006.0.R
Dahua NVR4XXX-4KS2 V3.216.0000006.0.R and NVR2XXX-4KS2
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown
Technical Analysis