Sign-up

ID

VAR-201703-1378


TITLE

Dahua Technology Camera Products Unauthorized Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-02798

DESCRIPTION

DH-IPC-HDW23A0RN-ZS, DH-IPC-HFW13A0SN-W, DHI-HCVR51A04HE-S3, etc. are various camera products of Dahua Technology. Unauthorized access vulnerability exists in Dahua Technology's camera products, allowing an attacker to access the user database of the camera product without administrator rights, extracting the user name and hash password, and directly logging in to the camera using the username and hash password. Get the relevant permissions for this camera.

Trust: 0.6

sources: CNVD: CNVD-2017-02798

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02798

AFFECTED PRODUCTS

vendor:dahuamodel:security dhi-hcvr58a32s-s2scope: - version: -

Trust: 0.6

vendor:dahuamodel:security dhi-hcvr51a08he-s3scope: - version: -

Trust: 0.6

vendor:dahuamodel:security dhi-hcvr51a04he-s3scope: - version: -

Trust: 0.6

vendor:dahuamodel:security dh-ipc-hfw13a0sn-wscope: - version: -

Trust: 0.6

vendor:dahuamodel:security dh-ipc-hdw13a0snscope: - version: -

Trust: 0.6

vendor:dahuamodel:security dh-ipc-hdbw13a0snscope: - version: -

Trust: 0.6

vendor:dahuamodel:security dh-ipc-hdbw23a0rn-zsscope: - version: -

Trust: 0.6

vendor:dahuamodel:security dh-ipc-hdw23a0rn-zsscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-02798

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-02798
value: HIGH

Trust: 0.6

CNVD: CNVD-2017-02798
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-02798

PATCH

title:Dahua Technology Camera Products Unauthorized Access Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/90514

Trust: 0.6

sources: CNVD: CNVD-2017-02798

EXTERNAL IDS

db:CNVDid:CNVD-2017-02798

Trust: 0.6

sources: CNVD: CNVD-2017-02798

REFERENCES

url:https://ipvm.com/reports/dahua-backdoor?code=bash

Trust: 0.6

sources: CNVD: CNVD-2017-02798

SOURCES

db:CNVDid:CNVD-2017-02798

LAST UPDATE DATE

2022-05-04T10:26:57.319000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-02798date:2017-03-16T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-02798date:2017-03-16T00:00:00