Vulnerability CVE-2017-9316


Published: 2017-11-27

Description:
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Dahuasecurity -> Ipc-hdbw4x00 firmware 
Dahuasecurity -> Ipc-hdbw5x00 firmware 
Dahuasecurity -> Ipc-hdw4300s firmware 
Dahuasecurity -> Ipc-hdw4x00 firmware 
Dahuasecurity -> Ipc-hdw5x00 firmware 
Dahuasecurity -> Ipc-hf5x00 firmware 
Dahuasecurity -> Ipc-hfw4x00 firmware 
Dahuasecurity -> Ipc-hfw5x00 firmware 
Dahuasecurity -> Nvr11hs firmware 

 References:
http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html

Copyright 2024, cxsecurity.com

 

Back to Top