Vulnerability CVE-2017-9315


Published: 2017-11-28   Modified: 2017-11-29

Description:
A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by an attacker.

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Dahuasecurity -> Ipc-hf8xxx firmware 
Dahuasecurity -> Dh-sd2xxxxx firmware 
Dahuasecurity -> Ipc-hfw1xxx firmware 
Dahuasecurity -> Dh-sd4xxxxx firmware 
Dahuasecurity -> Ipc-hfw2xxx firmware 
Dahuasecurity -> Dh-sd5xxxxx firmware 
Dahuasecurity -> Ipc-hfw4xxx firmware 
Dahuasecurity -> Dh-sd6xxxxx firmware 
Dahuasecurity -> Ipc-hfw5xxx firmware 
Dahuasecurity -> Ipc-ebw8xxx firmware 
Dahuasecurity -> Ipc-hfw8xxx firmware 
Dahuasecurity -> Ipc-hdbw1xxx firmware 
Dahuasecurity -> Ipc-hum8xxx firmware 
Dahuasecurity -> Ipc-hdbw2xxx firmware 
Dahuasecurity -> Ipc-pdbw8xxx firmware 
Dahuasecurity -> Ipc-hdbw4xxx firmware 
Dahuasecurity -> Ipc-pfw8xxx firmware 
Dahuasecurity -> Ipc-hdbw5xxx firmware 
Dahuasecurity -> Psd8xxxx firmware 
Dahuasecurity -> Ipc-hdbw8xxx firmware 
Dahuasecurity -> Ipc-hdw1xxx firmware 
Dahuasecurity -> Ipc-hdw2xxx firmware 
Dahuasecurity -> Ipc-hdw4xxx firmware 
Dahuasecurity -> Ipc-hdw5xxx firmware 
Dahuasecurity -> Ipc-hf5xxx firmware 

 References:
http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html

Copyright 2022, cxsecurity.com

 
