CVE-2024-13130 | Dahua IPC-HFW1200S up to 20241222 Web Interface Sha1Account1 path traversal

A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: ‘../filedir’.

This vulnerability is handled as CVE-2024-13130. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

It is recommended to apply restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-13130 | Dahua IPC-HFW1200S up to 20241222 Web Interface Sha1Account1 path traversal

Related Posts

CVE-2024-47293 | Huawei HarmonyOS/EMUI HAL-WIFI Module length parameter

CVE-2024-8768 | vLLM API Request denial of service

CVE-2024-3127 | GitLab Enterprise Edition up to 17.1.5/17.2.3/17.3.0 IP Restriction access control

CVE-2024-32884 | Byron gitoxide up to 0.34.x/0.41.x/0.61.x Username command injection (GHSA-98p4-xjmm-8mfh)