Vulnerability CVE-2013-5754
Published: 2013-09-17   Modified: 2013-09-22

Description:
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Dahuasecurity -> Dvr0804hf-u-e 
Dahuasecurity -> Dvr2116c 
Dahuasecurity -> Dvr5108h 
Dahuasecurity -> Dvr5816 
Dahuasecurity -> Dvr0404hd-a 
Dahuasecurity -> Dvr1604hd-l 
Dahuasecurity -> Dvr2116h 
Dahuasecurity -> Dvr5108he 
Dahuasecurity -> Dvr6404lf-s 
Dahuasecurity -> Dvr0404hd-l 
Dahuasecurity -> Dvr1604hd-s 
Dahuasecurity -> Dvr2116hc 
Dahuasecurity -> Dvr5116c 
Dahuasecurity -> Dvr0404hd-s 
Dahuasecurity -> Dvr1604hf-a-e 
Dahuasecurity -> Dvr2116he 
Dahuasecurity -> Dvr5116h 
Dahuasecurity -> Dvr0404hd-u 
Dahuasecurity -> Dvr1604hf-al-e 
Dahuasecurity -> Dvr2404hf-s 
Dahuasecurity -> Dvr5116he 
Dahuasecurity -> Dvr0404hf-a-e 
Dahuasecurity -> Dvr1604hf-l-e 
Dahuasecurity -> Dvr2404lf-al 
Dahuasecurity -> Dvr5204a 
Dahuasecurity -> Dvr0404hf-al-e 
Dahuasecurity -> Dvr1604hf-s-e 
Dahuasecurity -> Dvr2404lf-s 
Dahuasecurity -> Dvr5204l 
Dahuasecurity -> Dvr0404hf-s-e 
Dahuasecurity -> Dvr1604hf-u-e 
Dahuasecurity -> Dvr3204hf-s 
Dahuasecurity -> Dvr5208a 
Dahuasecurity -> Dvr0404hf-u-e 
Dahuasecurity -> Dvr2104c 
Dahuasecurity -> Dvr3204lf-al 
Dahuasecurity -> Dvr5208l 
Dahuasecurity -> Dvr0804 
Dahuasecurity -> Dvr2104h 
Dahuasecurity -> Dvr3204lf-s 
Dahuasecurity -> Dvr5216a 
Dahuasecurity -> Dvr0804hd-l 
Dahuasecurity -> Dvr2104hc 
Dahuasecurity -> Dvr3224l 
Dahuasecurity -> Dvr5216l 
Dahuasecurity -> Dvr0804hd-s 
Dahuasecurity -> Dvr2104he 
Dahuasecurity -> Dvr3232l 
Dahuasecurity -> Dvr5404 
Dahuasecurity -> Dvr0804hf-a-e 
Dahuasecurity -> Dvr2108c 
Dahuasecurity -> Dvr5104c 
Dahuasecurity -> Dvr5408 
Dahuasecurity -> Dvr0804hf-al-e 
Dahuasecurity -> Dvr2108h 
Dahuasecurity -> Dvr5104h 
Dahuasecurity -> Dvr5416 
Dahuasecurity -> Dvr0804hf-l-e 
Dahuasecurity -> Dvr2108hc 
Dahuasecurity -> Dvr5104he 
Dahuasecurity -> Dvr5804 
Dahuasecurity -> Dvr0804hf-s-e 
Dahuasecurity -> Dvr2108he 
Dahuasecurity -> Dvr5108c 
Dahuasecurity -> Dvr5808 

 References:
http://www.kb.cert.org/vuls/id/800094
Copyright 2024, cxsecurity.com

 

Back to Top