Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-3948

Published: 29/07/2019 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Ip2m-841b Firmware

Vulnerability Summary

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX V2.640.0000000.2.R and V2.623.0000000.1.R, Dahua NVR5XX-4KS2 V3.216.0000006.0.R, Dahua NVR4XXX-4KS2 V3.216.0000006.0.R, and NVR2XXX-4KS2 do not require authentication to access the HTTP endpoint /videotalk. An unauthenticated, remote person can connect to this endpoint and potentionally listen to the audio of the capturing device.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

amcrest ip2m-841b_firmware 2.520.ac00.18.r

dahua dh-sd5xxxxx

dahua ipc-hx4x3x

dahua ipc-xxbxx

dahua dh-ipc-hx863x

dahua dh-ipc-hx883x

dahua ipc-hx5x3x

dahua nvr2xxx-4ks2

dahua nvr4xxx-4ks2

dahua nvr5xxx-4ks2

dahua dh-sd4xxxxx

dahua dh-sd6xxxxx

Exploits

Exploit DB: Amcrest Cameras 2.520.AC00.18.R - Unauthenticated Audio Streaming
## # Exploit Title: Unauthenticated Audio Streaming from Amcrest Camera # Shodan Dork: html:"@WebVersion@" # Date: 08/29/2019 # Exploit Author: Jacob Baines # Vendor Homepage: amcrestcom/ # Software Link: amcrestcom/firmwaredownloads # Affected Version: V2520AC0018R # Fixed Version: V2420AC0018R # Tested on: Tested on Amcr ...
Exploit DB: Amcrest Cameras 2.520.AC00.18.R Unauthenticated Audio Streaming
Amcrest Cameras version 2520AC0018R suffers from an authentication bypass vulnerability allowing an attacker to retrieve audio streams ...

References

CWE-306https://www.tenable.com/security/research/tra-2019-36http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.htmlhttps://us.dahuasecurity.com/wp-content/uploads/2019/08/Cybersecurity_2019-08-02.pdfhttps://www.dahuasecurity.com/support/cybersecurity/details/627?ushttps://nvd.nist.govhttps://www.exploit-db.com/exploits/47188
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook