Executive Summary
Summary | |
---|---|
Title | Dahua Security DVRs contain multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#800094 | First vendor Publication | 2013-09-13 |
Vendor | VU-CERT | Last vendor Modification | 2013-09-13 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#800094Dahua Security DVRs contain multiple vulnerabilitiesOverviewDigital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThanks to Andrey Bezborodov, Kirill Ermakov, Alexander Raspopov, and Dmitry Sklyarov of Positive Technologies for reporting these vulnerabilities. This document was written by Todd Lewellen. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/800094 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-264 | Permissions, Privileges, and Access Controls |
40 % | CWE-255 | Credentials Management |
20 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 |
ExploitDB Exploits
id | Description |
---|---|
2013-11-18 | Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass |
Snort® IPS/IDS
Date | Description |
---|---|
2018-02-03 | Dahua DVR clear logs request attempt RuleID : 45329 - Revision : 4 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR admin password reset attempt RuleID : 45328 - Revision : 3 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR NAS configuration download attempt RuleID : 45327 - Revision : 3 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR user group information query attempt RuleID : 45326 - Revision : 4 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR DDNS configuration download attempt RuleID : 45325 - Revision : 3 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR user password hash query attempt RuleID : 45324 - Revision : 4 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR email configuration download attempt RuleID : 45323 - Revision : 3 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR channel information query attempt RuleID : 45322 - Revision : 4 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR firmware version query attempt RuleID : 45321 - Revision : 4 - Type : SERVER-WEBAPP |
2018-02-03 | Dahua DVR serial number query attempt RuleID : 45320 - Revision : 5 - Type : SERVER-WEBAPP |
2018-01-23 | Dahua DVR hard-coded root login attempt RuleID : 45253 - Revision : 2 - Type : SERVER-OTHER |
Alert History
Date | Informations |
---|---|
2013-11-24 21:19:41 |
|
2013-09-17 21:24:14 |
|
2013-09-17 17:23:07 |
|
2013-09-13 21:19:10 |
|