Main
Vulnerability Database
Exploits
ID:5904 - Exploit for Information disclosure in Amcrest products - CVE-2019-3948
ID:5904 - Exploit for Information disclosure in Amcrest products - CVE-2019-3948
Published: June 17, 2021
Vulnerability identifier: #VU20932
Vulnerability risk: Medium
CVE-ID: CVE-2019-3948
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
Dahua NVR2XXX-4KS2
Dahua NVR4XXX-4KS2
Dahua NVR5XXX-4KS2
Dahua DH-SD6XXXXX
Dahua DH-SD5XXXXX
Dahua DH-SD4XXXXX
Dahua DH-IPC-HX863X
Dahua DH-IPC-HX883X
Dahua IPC-HX4X3X
Dahua IPC-HX5X3X
Dahua IPC-XXBXX
IP2M-841B
Dahua NVR2XXX-4KS2
Dahua NVR4XXX-4KS2
Dahua NVR5XXX-4KS2
Dahua DH-SD6XXXXX
Dahua DH-SD5XXXXX
Dahua DH-SD4XXXXX
Dahua DH-IPC-HX863X
Dahua DH-IPC-HX883X
Dahua IPC-HX4X3X
Dahua IPC-HX5X3X
Dahua IPC-XXBXX
IP2M-841B
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the software does not require authentication to access the HTTP endpoint /videotalk. A remote unauthenticated attacker can connect to this endpoint and potentionally listen to the audio of the capturing device.
Remediation
Install updates from vendor's website.