CVE-2019-9682

HIGH Year: 2019
CVSS v3 Score
8.1
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.

Related Vulnerabilities

CVE-2017-3209

HIGH
CVSS:8.1(High)

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP...

CWE-2762017

CVE-2019-9579

HIGH
CVSS:8.1(High)

An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can chang...

CWE-2762019

CVE-2020-5196

HIGH
CVSS:8.1(High)

Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permiss...

CWE-2762020

CVE-2020-5906

HIGH
CVSS:8.1(High)

In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin use...

CWE-2762020

CVE-2022-25364

HIGH
CVSS:8.1(High)

In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the buil...

CWE-2762022