QwikSec

Security Database

CVE

CWE

Training

CVE-2024-13130

Published: Jan 5, 2025

Modified: Apr 8, 2025

PUBLISHED

CVSS v3.1

4.3

MEDIUM

Description

A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor	Product	Versions
Dahua	IPC-HFW1200S	affected `20241222`
Dahua	IPC-HFW2300R-Z	affected `20241222`
Dahua	IPC-HFW5220E-Z	affected `20241222`
Dahua	IPC-HDW1200S	affected `20241222`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

VDB-290204 | Dahua IPC-HFW1200S Web Interface Sha1Account1 path traversal

vdb-entry

technical-description

VDB-290204 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #464260 | IntelBras IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z, IPC-HDW1200S, VIP S3020 G2, VIP S4020 G2, VIP S4320 G2, VIP S4020 G3 WebVersion: 3.2.1.225946; WebVersion: 3.2.1.291804 Path Traversal

third-party-advisory

https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.