Details of VAR-201309-0168

ID

VAR-201309-0168

CVE

CVE-2013-3613

TITLE

Dahua Security DVRs contain multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#800094

DESCRIPTION

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Digital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Dahua Security DVR Appliances accept UPnP requests from external untrusted devices, which can cause the telnet port of the DVR application device to be automatically redirected and accessed by external entities. These default conditions allow external attackers to detect the device and use the built-in account to authenticate. Access the device. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks

Trust: 3.15

sources: NVD: CVE-2013-3613 // CERT/CC: VU#800094 // JVNDB: JVNDB-2013-004184 // CNVD: CNVD-2013-13179 // BID: 62402

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13179

AFFECTED PRODUCTS

vendor:	dahuasecurity	model:	dvr2104hc	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr2116he	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr5216l	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr2104c	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr2108he	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr5204a	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr2116c	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr2116hc	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr2108c	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr2108hc	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	dvr0804hf-s-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5104he	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0804hf-u-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5116c	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0404hd-a	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0804hd-l	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0804hf-al-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0404hf-a-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0404hd-s	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5204l	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5116he	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr2108h	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr1604hf-l-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5108he	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr2116h	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0804hf-l-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5208a	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0804	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr6404lf-s	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr2404lf-al	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0404hd-u	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5104h	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5108c	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5216a	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5808	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr1604hf-a-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5816	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr1604hf-s-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr2404hf-s	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0404hf-u-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5104c	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0404hd-l	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5404	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr1604hf-al-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0404hf-s-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5408	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5108h	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5804	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr2104h	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr1604hf-u-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0804hf-a-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr3204lf-s	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr2104he	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5208l	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr2404lf-s	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr3204hf-s	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5416	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0804hd-s	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr3204lf-al	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr5116h	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr0404hf-al-e	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr1604hd-l	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr3232l	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr1604hd-s	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dvr3224l	scope:	eq	version:	-	Trust: 1.0
vendor:	dahua	model:	dvr0404hd-a	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0404hd-l	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0404hd-s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0404hd-u	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0404hf-a-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0404hf-al-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0404hf-s-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0404hf-u-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0804	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0804hd-l	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0804hd-s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0804hf-a-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0804hf-al-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0804hf-l-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0804hf-s-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr0804hf-u-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr1604hd-l	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr1604hd-s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr1604hf-a-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr1604hf-al-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr1604hf-l-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr1604hf-s-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr1604hf-u-e	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2104c	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2104h	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2104hc	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2104he	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2108c	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2108h	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2108hc	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2108he	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2116c	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2116h	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2116hc	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2116he	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2404hf-s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2404lf-al	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr2404lf-s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr3204hf-s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr3204lf-al	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr3204lf-s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr3224l	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr3232l	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5104c	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5104h	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5104he	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5108c	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5108h	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5108he	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5116c	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5116h	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5116he	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5204a	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5204l	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5208a	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5208l	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5216a	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5216l	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5404	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5408	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5416	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5804	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5808	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr5816	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dvr6404lf-s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	security dvr appliances	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-13179 // JVNDB: JVNDB-2013-004184 // CNNVD: CNNVD-201309-263 // NVD: CVE-2013-3613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3613
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3613
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-13179
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201309-263
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2013-3613
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13179
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-13179 // JVNDB: JVNDB-2013-004184 // CNNVD: CNNVD-201309-263 // NVD: CVE-2013-3613

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2013-004184 // NVD: CVE-2013-3613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-263

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201309-263

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004184

PATCH

title:

Top Page

url:

http://www.dahuasecurity.com/

Trust: 0.8

sources: JVNDB: JVNDB-2013-004184

EXTERNAL IDS

db:	CERT/CC	id:	VU#800094	Trust: 4.1
db:	NVD	id:	CVE-2013-3613	Trust: 3.3
db:	BID	id:	62402	Trust: 1.5
db:	JVN	id:	JVNVU99181254	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004184	Trust: 0.8
db:	CNVD	id:	CNVD-2013-13179	Trust: 0.6
db:	CNNVD	id:	CNNVD-201309-263	Trust: 0.6

sources: CERT/CC: VU#800094 // CNVD: CNVD-2013-13179 // BID: 62402 // JVNDB: JVNDB-2013-004184 // CNNVD: CNNVD-201309-263 // NVD: CVE-2013-3613

REFERENCES

url:	http://www.kb.cert.org/vuls/id/800094	Trust: 3.3
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://www.dahuasecurity.com/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3613	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu99181254	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3613	Trust: 0.8
url:	http://www.securityfocus.com/bid/62402	Trust: 0.6
url:	http://www.dahuasecurity.com/products_category/dvr-2.html	Trust: 0.3

sources: CERT/CC: VU#800094 // CNVD: CNVD-2013-13179 // BID: 62402 // JVNDB: JVNDB-2013-004184 // CNNVD: CNNVD-201309-263 // NVD: CVE-2013-3613

CREDITS

Andrey Bezborodov, Kirill Ermakov, Alexander Raspopov, and Dmitry Sklyarov of Positive Technologies.

Trust: 0.9

sources: BID: 62402 // CNNVD: CNNVD-201309-263

SOURCES

db:	CERT/CC	id:	VU#800094
db:	CNVD	id:	CNVD-2013-13179
db:	BID	id:	62402
db:	JVNDB	id:	JVNDB-2013-004184
db:	CNNVD	id:	CNNVD-201309-263
db:	NVD	id:	CVE-2013-3613

LAST UPDATE DATE

2025-04-11T23:04:04.757000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#800094	date:	2013-12-04T00:00:00
db:	CNVD	id:	CNVD-2013-13179	date:	2013-09-23T00:00:00
db:	BID	id:	62402	date:	2013-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-004184	date:	2013-09-19T00:00:00
db:	CNNVD	id:	CNNVD-201309-263	date:	2017-05-08T00:00:00
db:	NVD	id:	CVE-2013-3613	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#800094	date:	2013-09-13T00:00:00
db:	CNVD	id:	CNVD-2013-13179	date:	2013-09-23T00:00:00
db:	BID	id:	62402	date:	2013-09-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-004184	date:	2013-09-19T00:00:00
db:	CNNVD	id:	CNNVD-201309-263	date:	2013-09-22T00:00:00
db:	NVD	id:	CVE-2013-3613	date:	2013-09-17T12:04:24.757