CVE-2017-9316

Published: Nov 27, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-18251 Aliases: GSD-2017-9316
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: high
MEDIUM 5,8
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: none
Integrity: partial
Availability: partial

Description

AI Translation Available

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0174
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

287

Improper Authentication

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability Access Control
Potential Impacts:
Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: ICS/OT, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
Operating System

Ipc-Hdw4X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4X00 Firmware
Version 2.420.0006.0.r.20150311
cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.420.0008.0.r.20150710
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hfw4X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hfw4X00 Firmware
Version 2.400.0000.3.r.20150312
cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.400.0000.0.r.20131231
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hfw5X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hfw5X00 Firmware
Version 2.420.0006.0.r.20150311
cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdbw4X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdbw4X00 Firmware
Version 2.400.0000.3.r.20150312
cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdbw5X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdbw5X00 Firmware
Version 2.420.0006.0.r.20150311
cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.420.0005.0.r.20141205
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.5.r.20170321
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.5.r.20160803
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.0.r.20150206
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.420.0007.0.r.20150409
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.420.0002.0.r.20140724
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.420.0000.0.r.20140419
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.5.r.20161226
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.5.r.20160409
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdbw4X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdbw4X00 Firmware
Version 2.420.0006.0.r.20150311
cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4X00 Firmware
Version 2.400.0000.3.r.20150312
cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.2.r.20150715
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw5X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw5X00 Firmware
Version 2.400.0000.3.r.20150312
cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hf5X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hf5X00 Firmware
Version 2.420.0006.0.r.20150311
cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.240.0009.0.r.20131015
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hfw4X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hfw4X00 Firmware
Version 2.420.0006.0.r.20150311
cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.5.r.20160603
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw5X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw5X00 Firmware
Version 2.420.0006.0.r.20150311
cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hf5X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hf5X00 Firmware
Version 2.400.0000.3.r.20150312
cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.1.r.20150420
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hfw5X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hfw5X00 Firmware
Version 2.400.0000.3.r.20150312
cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.3.r.20150921
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.420.0006.0.r.20150311
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdbw5X00 Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdbw5X00 Firmware
Version 2.400.0000.3.r.20150312
cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Nvr11Hs Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Nvr11Hs Firmware
Version 3.210.0000.5.r.20170305
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ipc-Hdw4300S Firmware by Dahuasecurity

Product Information
Vendor Dahuasecurity
Product Ipc-Hdw4300S Firmware
Version 2.420.0002.0.r.20140621
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://www.dahuasecurity.com/annoucementsingle/security-adv…
Patch Vendor Advisory
http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vul…
http://www.dahuasecurity.com/annoucementsingle/security-adv…
Patch Vendor Advisory
http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vul…