Search criteria
4 vulnerabilities by Dahua Technologies
CVE-2017-9317 (GCVE-0-2017-9317)
Vulnerability from cvelistv5 – Published: 2018-05-23 15:00 – Updated: 2024-09-16 19:36
VLAI?
Summary
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
Severity ?
No CVSS data available.
CWE
- Privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua Technologies | XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX |
Affected:
Build before 2017/09
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
"vendor": "Dahua Technologies",
"versions": [
{
"status": "affected",
"version": "Build before 2017/09"
}
]
}
],
"datePublic": "2018-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-23T14:57:01",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"DATE_PUBLIC": "2018-03-16T00:00:00",
"ID": "CVE-2017-9317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
"version": {
"version_data": [
{
"version_value": "Build before 2017/09"
}
]
}
}
]
},
"vendor_name": "Dahua Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337",
"refsource": "CONFIRM",
"url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2017-9317",
"datePublished": "2018-05-23T15:00:00Z",
"dateReserved": "2017-05-30T00:00:00",
"dateUpdated": "2024-09-16T19:36:50.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9315 (GCVE-0-2017-9315)
Vulnerability from cvelistv5 – Published: 2017-11-28 19:00 – Updated: 2024-09-17 02:31
VLAI?
Summary
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
Severity ?
No CVSS data available.
CWE
- risk of sensitive information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
"vendor": "Dahua Technologies",
"versions": [
{
"status": "affected",
"version": "Versions Build between 2015/07 and 2017/03"
}
]
}
],
"datePublic": "2017-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "risk of sensitive information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T18:57:01",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"DATE_PUBLIC": "2017-11-10T00:00:00",
"ID": "CVE-2017-9315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
"version": {
"version_data": [
{
"version_value": "Versions Build between 2015/07 and 2017/03"
}
]
}
}
]
},
"vendor_name": "Dahua Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "risk of sensitive information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html",
"refsource": "CONFIRM",
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2017-9315",
"datePublished": "2017-11-28T19:00:00Z",
"dateReserved": "2017-05-30T00:00:00",
"dateUpdated": "2024-09-17T02:31:08.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9316 (GCVE-0-2017-9316)
Vulnerability from cvelistv5 – Published: 2017-11-27 17:00 – Updated: 2024-09-16 22:29
VLAI?
Summary
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
Severity ?
No CVSS data available.
CWE
- Firmware upgrade authentication bypass vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua Technologies | IPC-HDW4300S\NVR11HS\IPC-HFW4X00\IPC-HDW4X00\IPC-HDBW4X00\IPC-HF5X00\IPC-HFW5X00\IPC-HDW5X00\IPC-HDBW5X00\NVR11HS |
Affected:
References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPC-HDW4300S\\NVR11HS\\IPC-HFW4X00\\IPC-HDW4X00\\IPC-HDBW4X00\\IPC-HF5X00\\IPC-HFW5X00\\IPC-HDW5X00\\IPC-HDBW5X00\\NVR11HS",
"vendor": "Dahua Technologies",
"versions": [
{
"status": "affected",
"version": "References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
}
]
}
],
"datePublic": "2017-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Firmware upgrade authentication bypass vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-27T16:57:01",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"DATE_PUBLIC": "2017-11-18T00:00:00",
"ID": "CVE-2017-9316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPC-HDW4300S\\NVR11HS\\IPC-HFW4X00\\IPC-HDW4X00\\IPC-HDBW4X00\\IPC-HF5X00\\IPC-HFW5X00\\IPC-HDW5X00\\IPC-HDBW5X00\\NVR11HS",
"version": {
"version_data": [
{
"version_value": "References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
}
]
}
}
]
},
"vendor_name": "Dahua Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Firmware upgrade authentication bypass vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html",
"refsource": "CONFIRM",
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2017-9316",
"datePublished": "2017-11-27T17:00:00Z",
"dateReserved": "2017-05-30T00:00:00",
"dateUpdated": "2024-09-16T22:29:39.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9314 (GCVE-0-2017-9314)
Vulnerability from cvelistv5 – Published: 2017-11-13 16:00 – Updated: 2024-09-16 16:38
VLAI?
Summary
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.
Severity ?
No CVSS data available.
CWE
- Authentication vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dahua Technologies | NVR50XX, VR52XX, VR54XX, VR58XX |
Affected:
Versions Build between 2013 and 2017/10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NVR50XX, VR52XX, VR54XX, VR58XX",
"vendor": "Dahua Technologies",
"versions": [
{
"status": "affected",
"version": "Versions Build between 2013 and 2017/10"
}
]
}
],
"datePublic": "2017-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-13T15:57:01",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"DATE_PUBLIC": "2017-11-08T00:00:00",
"ID": "CVE-2017-9314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NVR50XX, VR52XX, VR54XX, VR58XX",
"version": {
"version_data": [
{
"version_value": "Versions Build between 2013 and 2017/10"
}
]
}
}
]
},
"vendor_name": "Dahua Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html",
"refsource": "CONFIRM",
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2017-9314",
"datePublished": "2017-11-13T16:00:00Z",
"dateReserved": "2017-05-30T00:00:00",
"dateUpdated": "2024-09-16T16:38:14.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}