Details of VAR-201711-1048

ID

VAR-201711-1048

CVE

CVE-2017-9316

TITLE

plural Dahua Technology Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-011146

DESCRIPTION

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. plural Dahua Technology The product contains authentication vulnerabilities.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. DahuaIPC-HDW4300S is the IP camera equipment of Dahua Company of China. The following products are affected: Dahua IPC-HDW4300S; NVR11HS; IPC-HFW4X00; IPC-HDW4X00; IPC-HDBW4X00;

Trust: 2.34

sources: NVD: CVE-2017-9316 // JVNDB: JVNDB-2017-011146 // CNVD: CNVD-2017-38226 // VULHUB: VHN-117519 // VULMON: CVE-2017-9316

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-38226

AFFECTED PRODUCTS

vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.5.r.20170305	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.5.r.20161226	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.1.r.20150420	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.5.r.20160409	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.5.r.20170321	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.5.r.20160603	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.2.r.20150715	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.3.r.20150921	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.0.r.20150206	Trust: 1.6
vendor:	dahuasecurity	model:	nvr11hs	scope:	eq	version:	3.210.0000.5.r.20160803	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.240.0009.0.r.20131015	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.420.0006.0.r.20150311	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.420.0000.0.r.20140419	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.420.0002.0.r.20140724	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hfw5x00	scope:	eq	version:	2.400.0000.3.r.20150312	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.420.0005.0.r.20141205	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdbw5x00	scope:	eq	version:	2.400.0000.3.r.20150312	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdbw4x00	scope:	eq	version:	2.400.0000.3.r.20150312	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdbw4x00	scope:	eq	version:	2.420.0006.0.r.20150311	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hfw4x00	scope:	eq	version:	2.400.0000.3.r.20150312	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.420.0008.0.r.20150710	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hfw4x00	scope:	eq	version:	2.420.0006.0.r.20150311	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hf5x00	scope:	eq	version:	2.420.0006.0.r.20150311	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.420.0007.0.r.20150409	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.400.0000.0.r.20131231	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4x00	scope:	eq	version:	2.420.0006.0.r.20150311	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hfw5x00	scope:	eq	version:	2.420.0006.0.r.20150311	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdbw5x00	scope:	eq	version:	2.420.0006.0.r.20150311	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4x00	scope:	eq	version:	2.400.0000.3.r.20150312	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw4300s	scope:	eq	version:	2.420.0002.0.r.20140621	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw5x00	scope:	eq	version:	2.400.0000.3.r.20150312	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw5x00	scope:	eq	version:	2.420.0006.0.r.20150311	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hf5x00	scope:	eq	version:	2.400.0000.3.r.20150312	Trust: 1.0
vendor:	dahua	model:	ipc-hdbw4x00	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdbw5x00	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdw4300s	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdw4x00	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdw5x00	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hf5x00	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hfw4x00	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hfw5x00	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	nvr11hs	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	security dh-ipc-hdw1xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-ipc-hdw2xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-ipc-hdw4xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-ipc-hfw1xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-ipc-hfw2xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-ipc-hfw4xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-sd6cxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-nvr1xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-hcvr4xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security dh-hcvr5xxx	scope:	-	version:	-	Trust: 0.6
vendor:	dahua	model:	security nvr11hs	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-38226 // JVNDB: JVNDB-2017-011146 // CNNVD: CNNVD-201705-1392 // NVD: CVE-2017-9316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9316
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-9316
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-38226
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201705-1392
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-117519
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-9316
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9316
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-38226
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-117519
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9316
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	4.2
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-38226 // VULHUB: VHN-117519 // VULMON: CVE-2017-9316 // JVNDB: JVNDB-2017-011146 // CNNVD: CNNVD-201705-1392 // NVD: CVE-2017-9316

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-117519 // JVNDB: JVNDB-2017-011146 // NVD: CVE-2017-9316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1392

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201705-1392

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011146

PATCH

title:	Top Page	url:	http://www.dahuasecurity.com/	Trust: 0.8
title:	A variety of Dahua product authentication bypass vulnerability patches	url:	https://www.cnvd.org.cn/patchInfo/show/111823	Trust: 0.6

sources: CNVD: CNVD-2017-38226 // JVNDB: JVNDB-2017-011146

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9316	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-011146	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-1392	Trust: 0.7
db:	CNVD	id:	CNVD-2017-38226	Trust: 0.6
db:	VULHUB	id:	VHN-117519	Trust: 0.1
db:	VULMON	id:	CVE-2017-9316	Trust: 0.1

sources: CNVD: CNVD-2017-38226 // VULHUB: VHN-117519 // VULMON: CVE-2017-9316 // JVNDB: JVNDB-2017-011146 // CNNVD: CNNVD-201705-1392 // NVD: CVE-2017-9316

REFERENCES

url:	http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html	Trust: 2.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9316	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9316	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-38226 // VULHUB: VHN-117519 // VULMON: CVE-2017-9316 // JVNDB: JVNDB-2017-011146 // CNNVD: CNNVD-201705-1392 // NVD: CVE-2017-9316

SOURCES

db:	CNVD	id:	CNVD-2017-38226
db:	VULHUB	id:	VHN-117519
db:	VULMON	id:	CVE-2017-9316
db:	JVNDB	id:	JVNDB-2017-011146
db:	CNNVD	id:	CNNVD-201705-1392
db:	NVD	id:	CVE-2017-9316

LAST UPDATE DATE

2025-04-20T23:22:07.920000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-38226	date:	2017-12-27T00:00:00
db:	VULHUB	id:	VHN-117519	date:	2017-12-20T00:00:00
db:	VULMON	id:	CVE-2017-9316	date:	2017-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-011146	date:	2018-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201705-1392	date:	2017-11-28T00:00:00
db:	NVD	id:	CVE-2017-9316	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-38226	date:	2017-12-27T00:00:00
db:	VULHUB	id:	VHN-117519	date:	2017-11-27T00:00:00
db:	VULMON	id:	CVE-2017-9316	date:	2017-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-011146	date:	2018-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201705-1392	date:	2017-05-30T00:00:00
db:	NVD	id:	CVE-2017-9316	date:	2017-11-27T17:29:00.207