6.5
CVE-2017-9316
- EPSS 1.74%
- Veröffentlicht 27.11.2017 17:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cybersecurity@dahuatech.com
- CVE-Watchlists
- Unerledigt
LoginFirmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.0.r.20150206
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.1.r.20150420
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.2.r.20150715
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.3.r.20150921
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.5.r.20160409
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.5.r.20160603
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.5.r.20160803
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.5.r.20161226
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.5.r.20170305
Dahuasecurity ≫ Nvr11hs Firmware Version3.210.0000.5.r.20170321
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.240.0009.0.r.20131015
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.400.0000.0.r.20131231
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.420.0000.0.r.20140419
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.420.0002.0.r.20140621
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.420.0002.0.r.20140724
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.420.0005.0.r.20141205
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.420.0006.0.r.20150311
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.420.0007.0.r.20150409
Dahuasecurity ≫ Ipc-hdw4300s Firmware Version2.420.0008.0.r.20150710
Dahuasecurity ≫ Ipc-hfw4x00 Firmware Version2.400.0000.3.r.20150312
Dahuasecurity ≫ Ipc-hfw4x00 Firmware Version2.420.0006.0.r.20150311
Dahuasecurity ≫ Ipc-hdw4x00 Firmware Version2.400.0000.3.r.20150312
Dahuasecurity ≫ Ipc-hdw4x00 Firmware Version2.420.0006.0.r.20150311
Dahuasecurity ≫ Ipc-hdbw4x00 Firmware Version2.400.0000.3.r.20150312
Dahuasecurity ≫ Ipc-hdbw4x00 Firmware Version2.420.0006.0.r.20150311
Dahuasecurity ≫ Ipc-hf5x00 Firmware Version2.400.0000.3.r.20150312
Dahuasecurity ≫ Ipc-hf5x00 Firmware Version2.420.0006.0.r.20150311
Dahuasecurity ≫ Ipc-hfw5x00 Firmware Version2.400.0000.3.r.20150312
Dahuasecurity ≫ Ipc-hfw5x00 Firmware Version2.420.0006.0.r.20150311
Dahuasecurity ≫ Ipc-hdw5x00 Firmware Version2.400.0000.3.r.20150312
Dahuasecurity ≫ Ipc-hdw5x00 Firmware Version2.420.0006.0.r.20150311
Dahuasecurity ≫ Ipc-hdbw5x00 Firmware Version2.400.0000.3.r.20150312
Dahuasecurity ≫ Ipc-hdbw5x00 Firmware Version2.420.0006.0.r.20150311
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.74% | 0.819 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.2 | 4.2 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.