VYPR
Critical severity9.8NVD Advisory· Published Sep 18, 2019· Updated Jun 17, 2026

CVE-2019-9677

CVE-2019-9677

Description

The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.

Affected products

2
  • Range: < August 18, 2019
  • Dahua Technology/IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2Xv5
    Range: Versions which Build time before August 18 2019

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.