Medium severity5.3NVD Advisory· Published Sep 17, 2019· Updated Jun 17, 2026
CVE-2019-9681
CVE-2019-9681
Description
Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
Affected products
2- Range: < August 18, 2019
- Dahua/IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2Xcpe-rescueRange: Versions which Build time before August 18 2019
Patches
Vulnerability mechanics
References
1- www.dahuasecurity.com/support/cybersecurity/details/637nvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.