Dahua IPC Cameras Path Traversal Vulnerability in Web Interface

Vulnerability

A critical path traversal vulnerability has been identified in several Dahua IPC camera models, including the IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z, and IPC-HDW1200S, all versions prior to 20241222. This vulnerability allows remote attackers to bypass directory restrictions and access sensitive files, such as ../mtd/Config/Sha1Account1, which contains hashed credentials and other configuration data. The issue arises from the web interface's improper handling of file paths, enabling exploitation by manipulating input to traverse directories and access restricted files.

Impact

Exploitation of this vulnerability allows for unauthorized access to the camera's file system, potentially leading to the exposure of sensitive configuration data and hashed credentials, which could be used to compromise the device further.

Remediation

It is recommended to apply restrictive firewall rules to block unauthorized access to the camera's web interface.
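To check whether a camera's web interface has already been probed, the request log of a reverse proxy or gateway placed in front of it can be scanned for traversal sequences. The following is an added example, not part of the advisory or any vendor code; the log format, client addresses and `/placeholder/` request paths are constructed, and only the `mtd/Config/Sha1Account1` name comes from the advisory.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format; the request paths are
# placeholders, not the camera's real endpoints.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2025:19:02:11 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [01/Sep/2025:19:02:15 +0000] "GET /placeholder/../mtd/Config/Sha1Account1 HTTP/1.1" 200 312
203.0.113.9 - - [01/Sep/2025:19:02:19 +0000] "GET /placeholder/%2e%2e/mtd/Config/Sha1Account1 HTTP/1.1" 200 312
203.0.113.9 - - [01/Sep/2025:19:02:23 +0000] "GET /placeholder/%252e%252e%255cmtd HTTP/1.1" 404 0
198.51.100.7 - - [01/Sep/2025:19:03:40 +0000] "GET /img/logo..v2.png HTTP/1.1" 200 901
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# A whole '..' segment in the path or in a parameter value, not 'a..b'.
DOTDOT = re.compile(r"(?:^|[/=?&])\.\.(?:/|$)")
SENSITIVE = ("mtd/config", "sha1account")  # names taken from the advisory


def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '../' is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify(target):
    """Return the reasons a request target looks like a traversal attempt."""
    text = fully_decode(target).replace("\\", "/")
    reasons = []
    if DOTDOT.search(text):
        reasons.append("dot-dot-segment")
    if any(name in text.lower() for name in SENSITIVE):
        reasons.append("sensitive-file")
    return reasons


def scan(log_text):
    """Return (client_ip, status, target, reasons) for suspicious requests."""
    hits = []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        ip, target, status = m.groups()
        reasons = classify(target)
        if reasons:
            hits.append((ip, int(status), target, reasons))
    return hits
```

Hits answered with status 200 deserve priority, since they indicate the file was actually served rather than merely requested.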

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.