CVE-2017-9317

EUVD-2017-18252
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
dahuasecurityxvr5x16_firmware
𝑥
< 3.218.0000002.1.r.171229
dahuasecurityxvr5x08_firmware
𝑥
< 3.218.0000002.1.r.171229
dahuasecurityxvr5x04_firmware
𝑥
< 3.218.0000002.1.r.171229
dahuasecurityxvr7x16_firmware
𝑥
< 3.218.0000002.1.r.171229
dahuasecurityipc-hdbw4xxx_firmware
𝑥
< 2.622.0000000.18.r.20171110
dahuasecurityipc-hdbw4xxx_firmware
𝑥
< 2.621.0000.28.r.20170912
dahuasecurityipc-hdbw5xxx_firmware
𝑥
< 2.622.0000000.18.r.20171110
dahuasecurityipc-hdbw5xxx_firmware
𝑥
< 2.621.0000.28.r.20170912
𝑥
= Vulnerable software versions
References
https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337
https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337