ID
VAR-201506-0570
TITLE
Authentication flaw in Zhejiang Dahua camera
Trust: 0.6
DESCRIPTION
Zhejiang Dahua Technology Co., Ltd. is a leading supplier of surveillance products and solution services, providing leading series of video storage, front-end, display control, and intelligent transportation products to the world. The Dahua IPC-HF2100 camera has an authentication vulnerability based on man-in-the-middle attacks. By intercepting the data packet sent to the camera when a legitimate user changes the password, a quasi password equivalent to the original password can be obtained, thereby deceiving the identity authentication system to achieve successful login. Allows attackers to exploit this vulnerability for man-in-the-middle attacks.
Trust: 0.6
IOT TAXONOMY
| category: | ['ICS', 'Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | - | model: | dahua technology co. ltd.ipc-hf2100 2.420.0000.0.r | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Authentication flaw in Zhejiang Dahua camera | url: | https://www.cnvd.org.cn/patchinfo/show/58090 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2015-04139 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2015-04139 |
LAST UPDATE DATE
2022-05-04T09:30:02.940000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-04139 | date: | 2015-07-01T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-04139 | date: | 2015-06-22T00:00:00 |