Details of VAR-201703-1043

ID

VAR-201703-1043

CVE

CVE-2017-6432

TITLE

Dahua DHI-HCVR7216A-S3 Vulnerability to create a new user with full privileges on the device

Trust: 0.8

sources: JVNDB: JVNDB-2017-002238

DESCRIPTION

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A man-in-the-middle attack vulnerability exists in DahuaDHI-HCVR7216A-S3V3.210.0001.10build2016-06-06. Devices using the following software and firmware are affected: 3.210.0001.10 build: 2016-6-6 version of NVR firmware, 2.400.0000.28.R build 2016-3-29 version of Camera firmware, Android-based gDSS software, 1.16.1 Build Date 2017-01-19 version of SmartPSS software

Trust: 2.25

sources: NVD: CVE-2017-6432 // JVNDB: JVNDB-2017-002238 // CNVD: CNVD-2017-02726 // VULHUB: VHN-114635

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-02726

AFFECTED PRODUCTS

vendor:	dahuasecurity	model:	nvr	scope:	eq	version:	3.210.0001.10	Trust: 1.6
vendor:	dahua	model:	nvr	scope:	eq	version:	3.210.0001.10 build 2016-06-06	Trust: 0.8
vendor:	dahua	model:	security dhi-hcvr7216a-s3 build	scope:	eq	version:	3.210.0001.102016-06-06	Trust: 0.6

sources: CNVD: CNVD-2017-02726 // JVNDB: JVNDB-2017-002238 // CNNVD: CNNVD-201703-053 // NVD: CVE-2017-6432

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6432
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6432
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-02726
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-053
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114635
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6432
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-02726
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114635
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6432
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-02726 // VULHUB: VHN-114635 // JVNDB: JVNDB-2017-002238 // CNNVD: CNNVD-201703-053 // NVD: CVE-2017-6432

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.1
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-114635 // JVNDB: JVNDB-2017-002238 // NVD: CVE-2017-6432

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-053

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201703-053

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002238

PATCH

title:

HCVR7204/7208/7216A-S3

url:

http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html

Trust: 0.8

sources: JVNDB: JVNDB-2017-002238

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6432	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-002238	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-053	Trust: 0.7
db:	CNVD	id:	CNVD-2017-02726	Trust: 0.6
db:	VULHUB	id:	VHN-114635	Trust: 0.1

sources: CNVD: CNVD-2017-02726 // VULHUB: VHN-114635 // JVNDB: JVNDB-2017-002238 // CNNVD: CNNVD-201703-053 // NVD: CVE-2017-6432

REFERENCES

url:	https://nullku7.github.io/stuff/exploit/dahua/2017/03/09/dahua-nvr-authbypass.html	Trust: 3.1
url:	https://twitter.com/null_ku7/status/839814344351240193	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6432	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6432	Trust: 0.8

sources: CNVD: CNVD-2017-02726 // VULHUB: VHN-114635 // JVNDB: JVNDB-2017-002238 // CNNVD: CNNVD-201703-053 // NVD: CVE-2017-6432

SOURCES

db:	CNVD	id:	CNVD-2017-02726
db:	VULHUB	id:	VHN-114635
db:	JVNDB	id:	JVNDB-2017-002238
db:	CNNVD	id:	CNNVD-201703-053
db:	NVD	id:	CVE-2017-6432

LAST UPDATE DATE

2025-04-20T23:25:05.922000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-02726	date:	2017-03-14T00:00:00
db:	VULHUB	id:	VHN-114635	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-002238	date:	2017-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201703-053	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6432	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-02726	date:	2017-03-14T00:00:00
db:	VULHUB	id:	VHN-114635	date:	2017-03-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-002238	date:	2017-04-05T00:00:00
db:	CNNVD	id:	CNNVD-201703-053	date:	2017-03-03T00:00:00
db:	NVD	id:	CVE-2017-6432	date:	2017-03-09T17:59:00.150