Dahuasecurity.com은 쿠키 및 유사 기술을 사용합니다. 다후아는 기능성 쿠키를 사용하여 웹 사이트가 제대로 작동하도록 하고 분석 쿠키를 사용하여 사용자 경험을 최적화합니다. 제3자 쿠키는 당사 웹 사이트 외부에서도 데이터를 수집할 수 있습니다. 다음을 클릭함으로써 동의하시거나 이 웹 사이트를 계속 사용하면 쿠키 설정과 관련된 개인 데이터 처리에 동의하게 됩니다. 다음에 대한 자세한 정보 쿠키 개인정보 처리 방침

Security Advisory - VideoTalk function of some Dahua products have security risks

487


security risks


SA ID: DHCC-SA-201908-001


First Published:August 2, 2019


Summary:


          Some Dahua products’ VideoTalk function has authentication vulnerability; users without authentication can access this function. After Dahua

          reconstructed the relevant functional code in 2018, this vulnerability no longer exists.


CVE ID: CVE-2019-3948


Vulnerability Score (CVSS V3.0 http://www.first.org/cvss/specification-document)


          Base Score: 5.3 ( AV: N/AC: L/PR: N/UI: N/S: U/C: L/I: N/A: N)

          Temporal Score: 5.1 (E:H/RL:O/RC:C)


Affected Products & Fix Software:


Affected Model

Affected Version

Fix Software

IPC-XXBXX

Versions which Build time before May 18,2018

EZIP_IPC-XXBXX-Eris2_EngSpnPrt_P_V2.622.0000000.9.R.190713.zip
EZIP_IPC-XXBXX-Eris2_EngSpnPrt_N_V2.622.0000000.9.R.190713.zip

IPC-HX5X3X
IPC-HX4X3X

Versions which Build time before May 18,2018

DH_IPC-HX5X3X-Rhea_Chn_PN_Stream3_V2.800.0000008.0.R.190619.zip
DH_IPC-HX5X3X-Rhea_MultiLang_PN_Stream3_V2.800.0000008.0.R.190619.zip
DH_IPC-HX5X3X-Rhea_MultiLang_NP_Stream3_V2.800.0000008.0.R.190619.zip

DH-IPC-HX883X
DH-IPC-HX863X

Versions which Build time before May 18,2018

DH_IPC-HX8XXX-Wei-Nova2_EngSpnFrn_NP_Stream3_V2.622.0000000.7.R.190619.zip
DH_IPC-HX8XXX-Wei-Nova2_EngSpnFrn_PN_Stream3_V2.622.0000000.7.R.190619.zip
DH_IPC-HX8XXX-Nova2_EngSpnFrn_NP_Stream3_V2.622.0000000.7.R.190619.zip
DH_IPC-HX8XXX-Nova2_EngSpnFrn_PN_Stream3_V2.622.0000000.7.R.190619.zip

DH-SD4XXXXX

Versions which Build time before May 18,2018

DH_SD-Mao-Rhea_Chn_PN_Stream3_IVS_V2.623.0000000.7.R.181124.zip

DH_SD-Mao-Rhea_MultiLang_NP_Stream3_IVS_V2.623.0000000.7.R.181124.zip

DH_SD-Mao-Rhea_MultiLang_PN_Stream3_IVS_V2.623.0000000.7.R.181124.zip

DH-SD5XXXXX

Versions which Build time before May 18,2018

DH_SD-Eos_Chn_PN_Stream3_V2.623.0000000.1.R.180627.zip

DH_SD-Eos_EngSpnFrn_N_Stream3_V2.623.0000000.1.R.180627.zip

DH_SD-Eos_Eng_P_Stream3_V2.623.0000000.1.R.180627.zip

DH-SD6XXXXX

Versions which Build time before May 18,2018

DH_SD-Mao-Nova_Chn_PN_Stream3_V2.640.0000000.2.R.180628.zip

DH_SD-Mao-Nova_Internal_PN_Stream3_V2.640.0000000.2.R.180628.zip

DH_SD-Eos_EngSpnFrn_N_Stream3_V2.623.0000000.1.R.180627.zip

DH_SD-Eos_Eng_PN_Stream3_V2.623.0000000.1.R.180627.zip

NVR5XXX-4KS2

Versions which Build time before May 18,2018

DH_NVR5XXX-4KS2_Chn_V3.216.0000006.0.R.20190223

DH_NVR5XXX-4KS2_MultiLang_V3.216.0000006.0.R.20190223

NVR4XXX-4KS2

Versions which Build time before May 18,2018

DH_NVR4XXX-4KS2_Chn_V3.216.0000003.0.R.190521.zip DH_NVR4XXX-4KS2_MultiLang_V3.216.0000003.0.R.190521.zip

NVR2XXX-4KS2

Versions which Build time before May 18,2018

DH_NVR2XXX-4KS2_MultiLang_V3.216.0000000.0.R.180705.zip

Note: Please login to the Web interface of the device to view Build time, which you can find on the Settings-System Information-Version Information page (setting-systeminfo-version).


Fix Software Download:


          Please download the corresponding fix software or its newer version as listed in the above table from Dahua website, or contact Dahua local technical

          support to upgrade.


          The access to the fix is as follows:


          ●    Cloud Upgrade

                Dahua products have the capability of cloud upgrade. Relevant repair versions can be obtained through cloud upgrade.


          ●    Dahua Official Website

                Overseas:https://www.dahuasecurity.com/support/downloadCenter


          ●    Dahua Technical Support Personnel


Support Resources:


          For any questions or concerns related to our products and solutions, please contact Dahua DHCC at cybersecurity@dahuatech.com