CVE-2017-9316

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
dahuaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
dahuasecuritynvr11hs_firmware
3.210.0000.0.r.20150206:r.20150206
dahuasecuritynvr11hs_firmware
3.210.0000.1.r.20150420:r.20150420
dahuasecuritynvr11hs_firmware
3.210.0000.2.r.20150715:r.20150715
dahuasecuritynvr11hs_firmware
3.210.0000.3.r.20150921:r.20150921
dahuasecuritynvr11hs_firmware
3.210.0000.5.r.20160409:r.20160409
dahuasecuritynvr11hs_firmware
3.210.0000.5.r.20160603:r.20160603
dahuasecuritynvr11hs_firmware
3.210.0000.5.r.20160803:r.20160803
dahuasecuritynvr11hs_firmware
3.210.0000.5.r.20161226:r.20161226
dahuasecuritynvr11hs_firmware
3.210.0000.5.r.20170305:r.20170305
dahuasecuritynvr11hs_firmware
3.210.0000.5.r.20170321:r.20170321
dahuasecurityipc-hdw4300s_firmware
2.240.0009.0.r.20131015:r.20131015
dahuasecurityipc-hdw4300s_firmware
2.400.0000.0.r.20131231:r.20131231
dahuasecurityipc-hdw4300s_firmware
2.420.0000.0.r.20140419:r.20140419
dahuasecurityipc-hdw4300s_firmware
2.420.0002.0.r.20140621:r.20140621
dahuasecurityipc-hdw4300s_firmware
2.420.0002.0.r.20140724:r.20140724
dahuasecurityipc-hdw4300s_firmware
2.420.0005.0.r.20141205:r.20141205
dahuasecurityipc-hdw4300s_firmware
2.420.0006.0.r.20150311:r.20150311
dahuasecurityipc-hdw4300s_firmware
2.420.0007.0.r.20150409:r.20150409
dahuasecurityipc-hdw4300s_firmware
2.420.0008.0.r.20150710:r.20150710
dahuasecurityipc-hfw4x00_firmware
2.400.0000.3.r.20150312:r.20150312
dahuasecurityipc-hfw4x00_firmware
2.420.0006.0.r.20150311:r.20150311
dahuasecurityipc-hdw4x00_firmware
2.400.0000.3.r.20150312:r.20150312
dahuasecurityipc-hdw4x00_firmware
2.420.0006.0.r.20150311:r.20150311
dahuasecurityipc-hdbw4x00_firmware
2.400.0000.3.r.20150312:r.20150312
dahuasecurityipc-hdbw4x00_firmware
2.420.0006.0.r.20150311:r.20150311
dahuasecurityipc-hf5x00_firmware
2.400.0000.3.r.20150312:r.20150312
dahuasecurityipc-hf5x00_firmware
2.420.0006.0.r.20150311:r.20150311
dahuasecurityipc-hfw5x00_firmware
2.400.0000.3.r.20150312:r.20150312
dahuasecurityipc-hfw5x00_firmware
2.420.0006.0.r.20150311:r.20150311
dahuasecurityipc-hdw5x00_firmware
2.400.0000.3.r.20150312:r.20150312
dahuasecurityipc-hdw5x00_firmware
2.420.0006.0.r.20150311:r.20150311
dahuasecurityipc-hdbw5x00_firmware
2.400.0000.3.r.20150312:r.20150312
dahuasecurityipc-hdbw5x00_firmware
2.420.0006.0.r.20150311:r.20150311
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html
http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html