Podatność CVE-2013-3612

Podatność CVE-2013-3612

Publikacja: 2013-09-17

Opis:

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

Typ:

CWE-255

(Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
10/10	10/10	10/10

Wymagany dostęp	Złożoność ataku	Autoryzacja
Zdalny	Niska	Nie wymagana
Wpływ na poufność	Wpływ na integralność	Wpływ na dostępność
Pełny	Pełny	Pełny

Affected software
Dahuasecurity -> Dvr0804hf-u-e
Dahuasecurity -> Dvr2116c
Dahuasecurity -> Dvr5108h
Dahuasecurity -> Dvr5816
Dahuasecurity -> Dvr0404hd-a
Dahuasecurity -> Dvr1604hd-l
Dahuasecurity -> Dvr2116h
Dahuasecurity -> Dvr5108he
Dahuasecurity -> Dvr6404lf-s
Dahuasecurity -> Dvr0404hd-l
Dahuasecurity -> Dvr1604hd-s
Dahuasecurity -> Dvr2116hc
Dahuasecurity -> Dvr5116c
Dahuasecurity -> Dvr0404hd-s
Dahuasecurity -> Dvr1604hf-a-e
Dahuasecurity -> Dvr2116he
Dahuasecurity -> Dvr5116h
Dahuasecurity -> Dvr0404hd-u
Dahuasecurity -> Dvr1604hf-al-e
Dahuasecurity -> Dvr2404hf-s
Dahuasecurity -> Dvr5116he
Dahuasecurity -> Dvr0404hf-a-e
Dahuasecurity -> Dvr1604hf-l-e
Dahuasecurity -> Dvr2404lf-al
Dahuasecurity -> Dvr5204a
Dahuasecurity -> Dvr0404hf-al-e
Dahuasecurity -> Dvr1604hf-s-e
Dahuasecurity -> Dvr2404lf-s
Dahuasecurity -> Dvr5204l
Dahuasecurity -> Dvr0404hf-s-e
Dahuasecurity -> Dvr1604hf-u-e
Dahuasecurity -> Dvr3204hf-s
Dahuasecurity -> Dvr5208a
Dahuasecurity -> Dvr0404hf-u-e
Dahuasecurity -> Dvr2104c
Dahuasecurity -> Dvr3204lf-al
Dahuasecurity -> Dvr5208l
Dahuasecurity -> Dvr0804
Dahuasecurity -> Dvr2104h
Dahuasecurity -> Dvr3204lf-s
Dahuasecurity -> Dvr5216a
Dahuasecurity -> Dvr0804hd-l
Dahuasecurity -> Dvr2104hc
Dahuasecurity -> Dvr3224l
Dahuasecurity -> Dvr5216l
Dahuasecurity -> Dvr0804hd-s
Dahuasecurity -> Dvr2104he
Dahuasecurity -> Dvr3232l
Dahuasecurity -> Dvr5404
Dahuasecurity -> Dvr0804hf-a-e
Dahuasecurity -> Dvr2108c
Dahuasecurity -> Dvr5104c
Dahuasecurity -> Dvr5408
Dahuasecurity -> Dvr0804hf-al-e
Dahuasecurity -> Dvr2108h
Dahuasecurity -> Dvr5104h
Dahuasecurity -> Dvr5416
Dahuasecurity -> Dvr0804hf-l-e
Dahuasecurity -> Dvr2108hc
Dahuasecurity -> Dvr5104he
Dahuasecurity -> Dvr5804
Dahuasecurity -> Dvr0804hf-s-e
Dahuasecurity -> Dvr2108he
Dahuasecurity -> Dvr5108c
Dahuasecurity -> Dvr5808

Referencje:

http://www.kb.cert.org/vuls/id/800094

Podatność CVE-2013-3612

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

CWE-255

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

10/10

10/10

10/10

Zdalny

Niska

Nie wymagana

Pełny

Pełny

Pełny

Affected software

Referencje: