ID

VAR-201703-1235


CVE

CVE-2017-7253


TITLE

Dahua IP Camera Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-002787

DESCRIPTION

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Log in to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login. Dahua IP Camera devices have vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. Dahua IP Camera is a webcam from Dahua, China. A privilege escalation and information disclosure vulnerability exists in Dahua IP Camera 3.200.0001.6. An attacker can exploit these issues to gain elevated privileges and obtain unauthorized access to sensitive information.

Trust: 2.52

sources: NVD: CVE-2017-7253 // JVNDB: JVNDB-2017-002787 // CNVD: CNVD-2017-04888 // BID: 97263 // VULHUB: VHN-115456

IOT TAXONOMY

category: ['IoT', 'Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04888

AFFECTED PRODUCTS

vendor: dahuasecurity
model: ip camera
scope: eq
version: 3.200.0001.6

Trust: 1.6

vendor: dahua
model: ip camera
scope: eq
version: 3.200.0001.6

Trust: 0.8

vendor: dahua
model: security dahua ip camera
scope: eq
version: 3.200.0001.6

Trust: 0.6

vendor: -
model: dahua technology dahua ip camera
scope: eq
version: 3.200.0001.6

Trust: 0.3

sources: CNVD: CNVD-2017-04888 // BID: 97263 // JVNDB: JVNDB-2017-002787 // CNNVD: CNNVD-201703-1081 // NVD: CVE-2017-7253

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7253
value: HIGH

Trust: 1.0

NVD: CVE-2017-7253
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04888
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-1081
value: HIGH

Trust: 0.6

VULHUB: VHN-115456
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7253
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04888
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-115456
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7253
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04888 // VULHUB: VHN-115456 // JVNDB: JVNDB-2017-002787 // CNNVD: CNNVD-201703-1081 // NVD: CVE-2017-7253

PROBLEMTYPE DATA

problemtype: CWE-922

Trust: 1.0

problemtype: CWE-264

Trust: 0.9

sources: VULHUB: VHN-115456 // JVNDB: JVNDB-2017-002787 // NVD: CVE-2017-7253

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1081

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201703-1081

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002787

PATCH

title: Dahua IPC Information Disclosure & Privilege Escalation
url: https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02

Trust: 0.8

title: Dahua IP Camera Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99695

Trust: 0.6

sources: JVNDB: JVNDB-2017-002787 // CNNVD: CNNVD-201703-1081

EXTERNAL IDS

db: NVD
id: CVE-2017-7253

Trust: 3.4

db: BID
id: 97263

Trust: 2.0

db: JVNDB
id: JVNDB-2017-002787

Trust: 0.8

db: CNNVD
id: CNNVD-201703-1081

Trust: 0.7

db: CNVD
id: CNVD-2017-04888

Trust: 0.6

db: VULHUB
id: VHN-115456

Trust: 0.1

sources: CNVD: CNVD-2017-04888 // VULHUB: VHN-115456 // BID: 97263 // JVNDB: JVNDB-2017-002787 // CNNVD: CNNVD-201703-1081 // NVD: CVE-2017-7253

REFERENCES

url: https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02

Trust: 2.6

url: http://www.securityfocus.com/bid/97263

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7253

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-7253

Trust: 0.8

url: www.dahuasecurity.com

Trust: 0.3

sources: CNVD: CNVD-2017-04888 // VULHUB: VHN-115456 // BID: 97263 // JVNDB: JVNDB-2017-002787 // CNNVD: CNNVD-201703-1081 // NVD: CVE-2017-7253

CREDITS

Anonymous

Trust: 0.3

sources: BID: 97263

SOURCES

db: CNVD, id: CNVD-2017-04888
db: VULHUB, id: VHN-115456
db: BID, id: 97263
db: JVNDB, id: JVNDB-2017-002787
db: CNNVD, id: CNNVD-201703-1081
db: NVD, id: CVE-2017-7253

LAST UPDATE DATE

2025-04-20T23:38:33.157000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-04888, date: 2017-04-21T00:00:00
db: VULHUB, id: VHN-115456, date: 2019-10-03T00:00:00
db: BID, id: 97263, date: 2017-04-04T00:02:00
db: JVNDB, id: JVNDB-2017-002787, date: 2017-04-28T00:00:00
db: CNNVD, id: CNNVD-201703-1081, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-7253, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-04888, date: 2017-04-21T00:00:00
db: VULHUB, id: VHN-115456, date: 2017-03-30T00:00:00
db: BID, id: 97263, date: 2017-03-30T00:00:00
db: JVNDB, id: JVNDB-2017-002787, date: 2017-04-28T00:00:00
db: CNNVD, id: CNNVD-201703-1081, date: 2017-03-27T00:00:00
db: NVD, id: CVE-2017-7253, date: 2017-03-30T18:59:00.170