CVERadar

CVE-2024-39949

High Severity

Dahuasecurity

SVRS

68/100

CVSSv3

7.5/10

EPSS

0.00223/1

CVE-2024-39949 allows attackers to crash Dahua devices by sending specially crafted network packets. This denial-of-service vulnerability could disrupt critical operations and poses a risk to the availability of Dahua systems. The CVE is present in certain Dahua product interfaces allowing the crafted data packets to be sent causing a device crash. Although the CVSS score is 7.5, SOCRadar's SVRS score of 68 indicates a moderate risk, still requiring prompt attention. The presence of the "In The Wild" tag further emphasizes the active exploitation of this vulnerability and the need for immediate patching and mitigation measures to prevent potential system outages. Companies using Dahua products should immediately review their exposure to CVE-2024-39949.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

FOCUS FRIDAY: MANAGING THIRD-PARTY RISKS FROM DAHUA IP CAMERA, SONICWALL FIREWALL, AND WPML, FILECATALYST WORKFLOW VULNERABILITIES WITH BLACK KITE’S FOCUSTAGS™

Ferdi Gül2024-08-30

FOCUS FRIDAY: MANAGING THIRD-PARTY RISKS FROM DAHUA IP CAMERA, SONICWALL FIREWALL, AND WPML, FILECATALYST WORKFLOW VULNERABILITIES WITH BLACK KITE’S FOCUSTAGS™ | Written By: Ferdi GülContributor: Ferhat Dikbiyik Welcome to this week’s Focus Friday, where we dive into the latest high-profile cybersecurity incidents impacting third-party risk management (TPRM). In today’s blog, we explore critical vulnerabilities in Dahua IP Cameras, SonicWall Firewalls, WPML plugin for WordPress, and Fortra’s FileCatalyst Workflow. These vulnerabilities present significant risks to organizations relying […] The post <a href="https://blackkite.com/blog/focus-friday-managing-third-party-risks-from-dahua-ip-camera-sonicwall-firewall-and-wpml-filecatalyst-workflow-vulnerabilities-with-black-kites-focustags/

cve-2024-39949

cve-2024-39948

cve-2024-39932

cve-2021-34473

FOCUS FRIDAY: TPRM INSIGHTS INTO THE PAN-OS CLEARTEXT VULNERABILITY & A SNEAK PEEK INTO WHAT’S NEXT

Ferdi Gül2024-09-13

FOCUS FRIDAY: TPRM INSIGHTS INTO THE PAN-OS CLEARTEXT VULNERABILITY & A SNEAK PEEK INTO WHAT’S NEXT | Written By: Ferdi Gül & Ferhat Dikbiyik Welcome to this week’s Focus Friday blog, where we continue to explore high-profile cybersecurity incidents through the lens of Third-Party Risk Management (TPRM). As organizations grapple with an ever-evolving threat landscape, vulnerabilities in critical infrastructure remain a constant concern. This week, we focus on the PAN-OS Cleartext vulnerability […] The post FOCUS FRIDAY: TPRM

cve-2021-31196

cve-2024-33535

cve-2024-8687

cve-2024-39949

FOCUS FRIDAY: CRITICAL THIRD-PARTY RISK INSIGHTS – MSSQL AND ADOBE FLASH PLAYER VULNERABILITIES

Ferdi Gül2024-09-20

FOCUS FRIDAY: CRITICAL THIRD-PARTY RISK INSIGHTS – MSSQL AND ADOBE FLASH PLAYER VULNERABILITIES | Written By: Ferdi Gül Contributor: Ferhat Dikbiyik Welcome to this week’s Focus Friday blog, where we explore some of the most critical vulnerabilities impacting third-party vendors. In today’s post, we’re delving into vulnerabilities within two major software systems: Microsoft SQL Server (MSSQL) and Adobe Flash Player. These vulnerabilities pose a serious risk for companies still […] The post FOCUS FRIDAY: CRITICAL THIRD-PARTY RISK INSIGHTS – MSSQL AND

cve-2014-0497

cve-2024-22116

cve-2024-8687

cve-2021-33044

CVE-2024-39949 | Dahua NVR4XXX Data Packet denial of service

vuldb.com2024-07-31

CVE-2024-39949 | Dahua NVR4XXX Data Packet denial of service | A vulnerability was found in Dahua NVR4XXX. It has been classified as critical. This affects an unknown part of the component Data Packet Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-39949. It is possible to initiate the attack remotely. There is no exploit available. It

cve-2024-39949

domains

urls

cves

Social Media

CRAC Learning - Tech

@cracbot

2024-08-04

CVE-2024-39949 (CVSS:7.5, HIGH) is Undergoing Analysis. A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface wit..https://t.co/UEz3uN41Fp #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

Affected Software

Configuration 2

Type	Vendor	Product
OS	Dahuasecurity	nvr4108-4ks2\/l_firmware

References

Reference	Link
[email protected]	https://www.dahuasecurity.com/aboutUs/trustedCenter/details/768

CWE Details

CWE ID	CWE Name	Description
CWE-20	Improper Input Validation	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence