CVE-2017-9316

Published Nov 27, 2017
Last updated 7 years ago
CVSS medium 6.5
Overview

Description: Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
Source: cybersecurity@dahuatech.com
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 4.2
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-287
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F5669BA-5C1F-4F52-9D79-8776282E5A44"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA79412C-1BC8-4655-8436-E1A5717E6350"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83F2F333-8891-4D55-90C4-6313276DE7D0"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8B600A3-09B2-4ABD-B186-BCFBF515D246"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C03BAA9-3FC9-469A-B1E5-62707976CBAC"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B45C75C6-8C05-4329-A90F-0230E92B2ECF"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33CB1BFB-1D29-4D39-948E-099D1CB4A154"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AF362C3-DA4A-4E7C-85D9-05940C69BBB7"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E44881D9-EB60-477B-8B63-DE76F2E2EF2C"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D728DCB-8F1F-44F1-9F7D-E8D9C4D15A14"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:nvr11hs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E897BE3B-42DC-4818-974E-E0B4888E8C13"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B986666-C017-4F6E-81B4-00CB607BFA8C"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "130851B8-3EF5-4E9B-91F2-BBC2637854DA"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C8B4DD7-BFA0-4702-85EC-DDF6204B110C"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB77D367-6AB0-4D4C-9499-F4B1EB7CB45E"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "480879F4-B4CE-47B6-AEB3-3F2A3352764F"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ACE8717-A584-4744-8ED6-189EE125B45D"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA7E4FC4-9552-48BA-9A9D-4489CA923D37"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42228E00-D80B-4B4C-A006-022EFC141B4F"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CC6C72D-7C18-4072-8498-A5264A9D81F7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4300s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD4DEAC6-BAE1-4591-A687-008DBBC148D1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1070CF92-6AC4-4D1A-8122-2347468DE160"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8B48283-EC41-49E4-A6C6-B4FF3A9F0AEC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x00:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D0B291B-A24A-4A4F-8449-872103F12B14"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "801B77F7-BE17-4DE3-844D-5D528B916261"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07D98F00-29B6-41A6-A8FD-4FA4C19338E3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x00:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EF19BD61-B331-4EAF-8F08-EB9DCFEF01ED"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24DCC8E6-3623-4A19-9434-2219ECEE52C3"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A2F64D9-6DA0-4088-BC44-FBD0562B0995"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x00:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "54666037-AEE9-4AA4-8FDE-AC7944D91FDB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA374D52-FB4F-433B-8841-5886D13F9C8F"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95A6D3CD-E051-4DD5-88FD-3674A9347A27"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ipc-hf5x00:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "253995B9-6787-4F11-A949-AA5FFAEF7119"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D33C6F49-6687-40A8-A24B-324B13ED6ED8"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20D1B4E9-F520-4A80-9BD0-148B958997A5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x00:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "390E4C77-C40D-416B-8BED-260E444A0271"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B25302A-0E7D-4BD7-98FC-5E7B6832A660"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5827DC8-D95E-409A-AA40-59B3306FB115"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x00:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E23BA234-BE9C-40B4-AF21-EC0DC2E40F8C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBAC30B4-19EA-4D2F-8E44-1795D118A904"
          },
          {
            "criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25F0821A-852B-4EC7-A5F8-6536400F9237"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw5x00:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4EC94754-E15D-42C8-A8B2-C5D1C3595DA3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
