CVE-2017-9314

EPSS 0.31%
Veröffentlicht 13.11.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cybersecurity@dahuatech.com
CVE-Watchlists
Login
Unerledigt
Login

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dahuasecurity ≫ Nvr5464-16p-4ks2 Firmware Version < dh_nvr5464_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5464-16p-4ks2 Version-

Dahuasecurity ≫ Nvr5208-8p-4ks2 Firmware Version < dh_nvr5208_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5208-8p-4ks2 Version-

Dahuasecurity ≫ Nvr5432-16p-4ks2 Firmware Version < dh_nvr5432_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5432-16p-4ks2 Version-

Dahuasecurity ≫ Nvr5416-16p-4ks2 Firmware Version < dh_nvr5416_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5416-16p-4ks2 Version-

Dahuasecurity ≫ Nvr5464-4ks2 Firmware Version < dh_nvr5464_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5464-4ks2 Version-

Dahuasecurity ≫ Nvr5432-4ks2 Firmware Version < dh_nvr5432_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5432-4ks2 Version-

Dahuasecurity ≫ Nvr5416-4ks2 Firmware Version < dh_nvr5416_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5416-4ks2 Version-

Dahuasecurity ≫ Nvr5232-16p-4ks2 Firmware Version < dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5232-16p-4ks2 Version-

Dahuasecurity ≫ Nvr5216-16p-4ks2 Firmware Version < dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5216-16p-4ks2 Version-

Dahuasecurity ≫ Nvr5232-8p-4ks2 Firmware Version < dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5232-8p-4ks2 Version-

Dahuasecurity ≫ Nvr5216-8p-4ks2 Firmware Version < dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5216-8p-4ks2 Version-

Dahuasecurity ≫ Nvr5232-4ks2 Firmware Version < dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5232-4ks2 Version-

Dahuasecurity ≫ Nvr5216-4ks2 Firmware Version < dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5216-4ks2 Version-

Dahuasecurity ≫ Nvr5208-4ks2 Firmware Version < dh_nvr5208_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5208-4ks2 Version-

Dahuasecurity ≫ Nvr5816-4ks2 Firmware Version < dh_nvr5816_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5816-4ks2 Version-

Dahuasecurity ≫ Nvr5832-4ks2 Firmware Version < dh_nvr5832_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5832-4ks2 Version-

Dahuasecurity ≫ Nvr5864-4ks2 Firmware Version < dh_nvr5864_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5864-4ks2 Version-

Dahuasecurity ≫ Nvr5864-16p-4ks2 Firmware Version < dh_nvr5864_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5864-16p-4ks2 Version-

Dahuasecurity ≫ Nvr5832-16p-4ks2 Firmware Version < dh_nvr5832_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5832-16p-4ks2 Version-

Dahuasecurity ≫ Nvr5816-16p-4ks2 Firmware Version < dh_nvr5816_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5816-16p-4ks2 Version-

Dahuasecurity ≫ Nvr5424-24p-4ks2 Firmware Version < dh_nvr5424_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5424-24p-4ks2 Version-

Dahuasecurity ≫ Nvr5224-24p-4ks2 Firmware Version < dh_nvr5224_eng_p_v2.616.0000.0.r.20171102

Dahuasecurity ≫ Nvr5224-24p-4ks2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.538

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-9314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9314

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-9314