Details of VAR-201711-1046

ID

VAR-201711-1046

CVE

CVE-2017-9314

TITLE

Dahua NVR Authentication vulnerabilities in model software

Trust: 0.8

sources: JVNDB: JVNDB-2017-010134

DESCRIPTION

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. Dahua NVR The model software contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaNVR50XX and so on are all Dahua's network hard disk camera products. There are security vulnerabilities in several Dahua products

Trust: 2.16

sources: NVD: CVE-2017-9314 // JVNDB: JVNDB-2017-010134 // CNVD: CNVD-2017-36534

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-36534

AFFECTED PRODUCTS

vendor:	dahuasecurity	model:	nvr5224-24p-4ks2	scope:	lt	version:	dh_nvr5224_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5216-4ks2	scope:	lt	version:	dh_nvr5216_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5816-16p-4ks2	scope:	lt	version:	dh_nvr5816_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5832-4ks2	scope:	lt	version:	dh_nvr5832_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5864-16p-4ks2	scope:	lt	version:	dh_nvr5864_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5232-4ks2	scope:	lt	version:	dh_nvr5232_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5232-16p-4ks2	scope:	lt	version:	dh_nvr5232_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5416-4ks2	scope:	lt	version:	dh_nvr5416_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5208-8p-4ks2	scope:	lt	version:	dh_nvr5208_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5464-4ks2	scope:	lt	version:	dh_nvr5464_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5216-8p-4ks2	scope:	lt	version:	dh_nvr5216_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5464-16p-4ks2	scope:	lt	version:	dh_nvr5464_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5216-16p-4ks2	scope:	lt	version:	dh_nvr5216_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5432-4ks2	scope:	lt	version:	dh_nvr5432_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5816-4ks2	scope:	lt	version:	dh_nvr5816_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5416-16p-4ks2	scope:	lt	version:	dh_nvr5416_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5432-16p-4ks2	scope:	lt	version:	dh_nvr5432_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5832-16p-4ks2	scope:	lt	version:	dh_nvr5832_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5864-4ks2	scope:	lt	version:	dh_nvr5864_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5208-4ks2	scope:	lt	version:	dh_nvr5208_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5232-8p-4ks2	scope:	lt	version:	dh_nvr5232_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahuasecurity	model:	nvr5424-24p-4ks2	scope:	lt	version:	dh_nvr5424_eng_p_v2.616.0000.0.r.20171102	Trust: 1.0
vendor:	dahua	model:	nvr5208-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5208-8p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5216-16p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5216-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5216-8p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5224-24p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5232-16p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5232-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5232-8p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5416-16p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5416-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5424-24p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5432-16p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5432-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5464-16p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5464-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5816-16p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5816-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5832-16p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5832-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5864-16p-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr5864-4ks2	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	security dh nvr5xxx <eng p v2.616.0000.0.r.20171102	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security nvr52xx <dh nvr5xxx eng p v2.616.0000.0.r.20171102	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security nvr54xx <dh nvr5xxx eng p v2.616.0000.0.r.20171102	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security nvr58xx <dh nvr5xxx eng p v2.616.0000.0.r.20171102	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-36534 // JVNDB: JVNDB-2017-010134 // NVD: CVE-2017-9314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9314
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-9314
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-36534
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201705-1394
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-9314
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-36534
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-9314
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-36534 // JVNDB: JVNDB-2017-010134 // CNNVD: CNNVD-201705-1394 // NVD: CVE-2017-9314

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-010134 // NVD: CVE-2017-9314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1394

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201705-1394

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010134

PATCH

title:	DHCC-SA-201711-002	url:	http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html	Trust: 0.8
title:	Patches for multiple Dahua product access verification vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/108305	Trust: 0.6

sources: CNVD: CNVD-2017-36534 // JVNDB: JVNDB-2017-010134

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9314	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-010134	Trust: 0.8
db:	CNVD	id:	CNVD-2017-36534	Trust: 0.6
db:	CNNVD	id:	CNNVD-201705-1394	Trust: 0.6

sources: CNVD: CNVD-2017-36534 // JVNDB: JVNDB-2017-010134 // CNNVD: CNNVD-201705-1394 // NVD: CVE-2017-9314

REFERENCES

url:	http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9314	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9314	Trust: 0.8

sources: CNVD: CNVD-2017-36534 // JVNDB: JVNDB-2017-010134 // CNNVD: CNNVD-201705-1394 // NVD: CVE-2017-9314

SOURCES

db:	CNVD	id:	CNVD-2017-36534
db:	JVNDB	id:	JVNDB-2017-010134
db:	CNNVD	id:	CNNVD-201705-1394
db:	NVD	id:	CVE-2017-9314

LAST UPDATE DATE

2025-04-20T23:23:29.328000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-36534	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-010134	date:	2017-12-06T00:00:00
db:	CNNVD	id:	CNNVD-201705-1394	date:	2017-11-14T00:00:00
db:	NVD	id:	CVE-2017-9314	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-36534	date:	2017-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-010134	date:	2017-12-06T00:00:00
db:	CNNVD	id:	CNNVD-201705-1394	date:	2017-05-30T00:00:00
db:	NVD	id:	CVE-2017-9314	date:	2017-11-13T16:29:00.327