Incorrect Default Permissions

CVE-2019-9679

Medium

6.5/10

Summary

Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

Published Sep 18, 2019

Incorrect Default Permissions

CVE-2019-9679

Summary

CWE-276 - Incorrect Default Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS