Vulnerability CVE-2013-3613

Vulnerability CVE-2013-3613

Published: 2013-09-17

Description:

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.8/10	6.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	None	None

Affected software
Dahuasecurity -> Dvr5108h
Dahuasecurity -> Dvr5816
Dahuasecurity -> Dvr0804hf-u-e
Dahuasecurity -> Dvr2116c
Dahuasecurity -> Dvr5108he
Dahuasecurity -> Dvr6404lf-s
Dahuasecurity -> Dvr0404hd-a
Dahuasecurity -> Dvr1604hd-l
Dahuasecurity -> Dvr2116h
Dahuasecurity -> Dvr5116c
Dahuasecurity -> Dvr0404hd-l
Dahuasecurity -> Dvr1604hd-s
Dahuasecurity -> Dvr2116hc
Dahuasecurity -> Dvr5116h
Dahuasecurity -> Dvr0404hd-s
Dahuasecurity -> Dvr1604hf-a-e
Dahuasecurity -> Dvr2116he
Dahuasecurity -> Dvr5116he
Dahuasecurity -> Dvr0404hd-u
Dahuasecurity -> Dvr1604hf-al-e
Dahuasecurity -> Dvr2404hf-s
Dahuasecurity -> Dvr5204a
Dahuasecurity -> Dvr0404hf-a-e
Dahuasecurity -> Dvr1604hf-l-e
Dahuasecurity -> Dvr2404lf-al
Dahuasecurity -> Dvr5204l
Dahuasecurity -> Dvr0404hf-al-e
Dahuasecurity -> Dvr1604hf-s-e
Dahuasecurity -> Dvr2404lf-s
Dahuasecurity -> Dvr5208a
Dahuasecurity -> Dvr0404hf-s-e
Dahuasecurity -> Dvr1604hf-u-e
Dahuasecurity -> Dvr3204hf-s
Dahuasecurity -> Dvr5208l
Dahuasecurity -> Dvr0404hf-u-e
Dahuasecurity -> Dvr2104c
Dahuasecurity -> Dvr3204lf-al
Dahuasecurity -> Dvr5216a
Dahuasecurity -> Dvr0804
Dahuasecurity -> Dvr2104h
Dahuasecurity -> Dvr3204lf-s
Dahuasecurity -> Dvr5216l
Dahuasecurity -> Dvr0804hd-l
Dahuasecurity -> Dvr2104hc
Dahuasecurity -> Dvr3224l
Dahuasecurity -> Dvr5404
Dahuasecurity -> Dvr0804hd-s
Dahuasecurity -> Dvr2104he
Dahuasecurity -> Dvr3232l
Dahuasecurity -> Dvr5408
Dahuasecurity -> Dvr0804hf-a-e
Dahuasecurity -> Dvr2108c
Dahuasecurity -> Dvr5104c
Dahuasecurity -> Dvr5416
Dahuasecurity -> Dvr0804hf-al-e
Dahuasecurity -> Dvr2108h
Dahuasecurity -> Dvr5104h
Dahuasecurity -> Dvr5804
Dahuasecurity -> Dvr0804hf-l-e
Dahuasecurity -> Dvr2108hc
Dahuasecurity -> Dvr5104he
Dahuasecurity -> Dvr5108c
Dahuasecurity -> Dvr5808
Dahuasecurity -> Dvr0804hf-s-e
Dahuasecurity -> Dvr2108he

References:

http://www.kb.cert.org/vuls/id/800094

Vulnerability CVE-2013-3613

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.

CWE-287

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

7.8/10

6.9/10

10/10

Remote

Low

No required

Complete

None

None

Affected software

References: