CVE-2017-9316 (GCVE-0-2017-9316)

Vulnerability from cvelistv5 – Published: 2017-11-27 17:00 – Updated: 2024-09-16 22:29
VLAI?
Summary
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
Severity ?
No CVSS data available.
CWE
  • Firmware upgrade authentication bypass vulnerability
Assigner
References
Impacted products
Vendor Product Version
Dahua Technologies IPC-HDW4300S\NVR11HS\IPC-HFW4X00\IPC-HDW4X00\IPC-HDBW4X00\IPC-HF5X00\IPC-HFW5X00\IPC-HDW5X00\IPC-HDBW5X00\NVR11HS Affected: References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IPC-HDW4300S\\NVR11HS\\IPC-HFW4X00\\IPC-HDW4X00\\IPC-HDBW4X00\\IPC-HF5X00\\IPC-HFW5X00\\IPC-HDW5X00\\IPC-HDBW5X00\\NVR11HS",
          "vendor": "Dahua Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
            }
          ]
        }
      ],
      "datePublic": "2017-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Firmware upgrade authentication bypass vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-27T16:57:01",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@dahuatech.com",
          "DATE_PUBLIC": "2017-11-18T00:00:00",
          "ID": "CVE-2017-9316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IPC-HDW4300S\\NVR11HS\\IPC-HFW4X00\\IPC-HDW4X00\\IPC-HDBW4X00\\IPC-HF5X00\\IPC-HFW5X00\\IPC-HDW5X00\\IPC-HDBW5X00\\NVR11HS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dahua Technologies"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Firmware upgrade authentication bypass vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html",
              "refsource": "CONFIRM",
              "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2017-9316",
    "datePublished": "2017-11-27T17:00:00Z",
    "dateReserved": "2017-05-30T00:00:00",
    "dateUpdated": "2024-09-16T22:29:39.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F5669BA-5C1F-4F52-9D79-8776282E5A44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA79412C-1BC8-4655-8436-E1A5717E6350\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83F2F333-8891-4D55-90C4-6313276DE7D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8B600A3-09B2-4ABD-B186-BCFBF515D246\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C03BAA9-3FC9-469A-B1E5-62707976CBAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B45C75C6-8C05-4329-A90F-0230E92B2ECF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33CB1BFB-1D29-4D39-948E-099D1CB4A154\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5AF362C3-DA4A-4E7C-85D9-05940C69BBB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E44881D9-EB60-477B-8B63-DE76F2E2EF2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D728DCB-8F1F-44F1-9F7D-E8D9C4D15A14\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:nvr11hs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E897BE3B-42DC-4818-974E-E0B4888E8C13\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B986666-C017-4F6E-81B4-00CB607BFA8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"130851B8-3EF5-4E9B-91F2-BBC2637854DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C8B4DD7-BFA0-4702-85EC-DDF6204B110C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB77D367-6AB0-4D4C-9499-F4B1EB7CB45E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"480879F4-B4CE-47B6-AEB3-3F2A3352764F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ACE8717-A584-4744-8ED6-189EE125B45D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA7E4FC4-9552-48BA-9A9D-4489CA923D37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42228E00-D80B-4B4C-A006-022EFC141B4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CC6C72D-7C18-4072-8498-A5264A9D81F7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:ipc-hdw4300s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD4DEAC6-BAE1-4591-A687-008DBBC148D1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1070CF92-6AC4-4D1A-8122-2347468DE160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8B48283-EC41-49E4-A6C6-B4FF3A9F0AEC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:ipc-hfw4x00:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D0B291B-A24A-4A4F-8449-872103F12B14\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"801B77F7-BE17-4DE3-844D-5D528B916261\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07D98F00-29B6-41A6-A8FD-4FA4C19338E3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:ipc-hdw4x00:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF19BD61-B331-4EAF-8F08-EB9DCFEF01ED\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24DCC8E6-3623-4A19-9434-2219ECEE52C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A2F64D9-6DA0-4088-BC44-FBD0562B0995\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:ipc-hdbw4x00:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54666037-AEE9-4AA4-8FDE-AC7944D91FDB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA374D52-FB4F-433B-8841-5886D13F9C8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95A6D3CD-E051-4DD5-88FD-3674A9347A27\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:ipc-hf5x00:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"253995B9-6787-4F11-A949-AA5FFAEF7119\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D33C6F49-6687-40A8-A24B-324B13ED6ED8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20D1B4E9-F520-4A80-9BD0-148B958997A5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:ipc-hfw5x00:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"390E4C77-C40D-416B-8BED-260E444A0271\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B25302A-0E7D-4BD7-98FC-5E7B6832A660\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5827DC8-D95E-409A-AA40-59B3306FB115\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:ipc-hdw5x00:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E23BA234-BE9C-40B4-AF21-EC0DC2E40F8C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBAC30B4-19EA-4D2F-8E44-1795D118A904\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25F0821A-852B-4EC7-A5F8-6536400F9237\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dahuasecurity:ipc-hdbw5x00:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EC94754-E15D-42C8-A8B2-C5D1C3595DA3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n de actualizaci\\u00f3n de firmware en Dahua IPC-HDW4300S y algunos productos IP. La vulnerabilidad fue provocada por la funci\\u00f3n interna de depuraci\\u00f3n. Esta funci\\u00f3n en particular fue empleada para analizar problemas y ajustar el rendimiento durante la fase de desarrollo del producto. Permit\\u00eda que el dispositivo reciba solo datos espec\\u00edficos (una direcci\\u00f3n, sin transmitir) y, por lo tanto, no estaba implicada en ninguna instancia de recolecci\\u00f3n de datos privados del usuario o de permisi\\u00f3n de ejecuci\\u00f3n remota de c\\u00f3digo.\"}]",
      "id": "CVE-2017-9316",
      "lastModified": "2024-11-21T03:35:49.463",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-27T17:29:00.207",
      "references": "[{\"url\": \"http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html\", \"source\": \"cybersecurity@dahuatech.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@dahuatech.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9316\",\"sourceIdentifier\":\"cybersecurity@dahuatech.com\",\"published\":\"2017-11-27T17:29:00.207\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de actualizaci\u00f3n de firmware en Dahua IPC-HDW4300S y algunos productos IP. La vulnerabilidad fue provocada por la funci\u00f3n interna de depuraci\u00f3n. Esta funci\u00f3n en particular fue empleada para analizar problemas y ajustar el rendimiento durante la fase de desarrollo del producto. Permit\u00eda que el dispositivo reciba solo datos espec\u00edficos (una direcci\u00f3n, sin transmitir) y, por lo tanto, no estaba implicada en ninguna instancia de recolecci\u00f3n de datos privados del usuario o de permisi\u00f3n de ejecuci\u00f3n remota de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5669BA-5C1F-4F52-9D79-8776282E5A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA79412C-1BC8-4655-8436-E1A5717E6350\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83F2F333-8891-4D55-90C4-6313276DE7D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8B600A3-09B2-4ABD-B186-BCFBF515D246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C03BAA9-3FC9-469A-B1E5-62707976CBAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B45C75C6-8C05-4329-A90F-0230E92B2ECF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33CB1BFB-1D29-4D39-948E-099D1CB4A154\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AF362C3-DA4A-4E7C-85D9-05940C69BBB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44881D9-EB60-477B-8B63-DE76F2E2EF2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D728DCB-8F1F-44F1-9F7D-E8D9C4D15A14\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:nvr11hs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E897BE3B-42DC-4818-974E-E0B4888E8C13\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B986666-C017-4F6E-81B4-00CB607BFA8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"130851B8-3EF5-4E9B-91F2-BBC2637854DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C8B4DD7-BFA0-4702-85EC-DDF6204B110C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB77D367-6AB0-4D4C-9499-F4B1EB7CB45E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"480879F4-B4CE-47B6-AEB3-3F2A3352764F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACE8717-A584-4744-8ED6-189EE125B45D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA7E4FC4-9552-48BA-9A9D-4489CA923D37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42228E00-D80B-4B4C-A006-022EFC141B4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC6C72D-7C18-4072-8498-A5264A9D81F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdw4300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD4DEAC6-BAE1-4591-A687-008DBBC148D1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1070CF92-6AC4-4D1A-8122-2347468DE160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8B48283-EC41-49E4-A6C6-B4FF3A9F0AEC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hfw4x00:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D0B291B-A24A-4A4F-8449-872103F12B14\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"801B77F7-BE17-4DE3-844D-5D528B916261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07D98F00-29B6-41A6-A8FD-4FA4C19338E3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdw4x00:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF19BD61-B331-4EAF-8F08-EB9DCFEF01ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DCC8E6-3623-4A19-9434-2219ECEE52C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A2F64D9-6DA0-4088-BC44-FBD0562B0995\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdbw4x00:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54666037-AEE9-4AA4-8FDE-AC7944D91FDB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA374D52-FB4F-433B-8841-5886D13F9C8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95A6D3CD-E051-4DD5-88FD-3674A9347A27\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hf5x00:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253995B9-6787-4F11-A949-AA5FFAEF7119\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D33C6F49-6687-40A8-A24B-324B13ED6ED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20D1B4E9-F520-4A80-9BD0-148B958997A5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hfw5x00:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"390E4C77-C40D-416B-8BED-260E444A0271\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B25302A-0E7D-4BD7-98FC-5E7B6832A660\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5827DC8-D95E-409A-AA40-59B3306FB115\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdw5x00:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23BA234-BE9C-40B4-AF21-EC0DC2E40F8C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBAC30B4-19EA-4D2F-8E44-1795D118A904\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25F0821A-852B-4EC7-A5F8-6536400F9237\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdbw5x00:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EC94754-E15D-42C8-A8B2-C5D1C3595DA3\"}]}]}],\"references\":[{\"url\":\"http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html\",\"source\":\"cybersecurity@dahuatech.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.