The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Dahuasecurity
Subscribe
|
Dvr0404hd-a
Subscribe
Dvr0404hd-l
Subscribe
Dvr0404hd-s
Subscribe
Dvr0404hd-u
Subscribe
Dvr0404hf-a-e
Subscribe
Dvr0404hf-al-e
Subscribe
Dvr0404hf-s-e
Subscribe
Dvr0404hf-u-e
Subscribe
Dvr0804
Subscribe
Dvr0804hd-l
Subscribe
Dvr0804hd-s
Subscribe
Dvr0804hf-a-e
Subscribe
Dvr0804hf-al-e
Subscribe
Dvr0804hf-l-e
Subscribe
Dvr0804hf-s-e
Subscribe
Dvr0804hf-u-e
Subscribe
Dvr1604hd-l
Subscribe
Dvr1604hd-s
Subscribe
Dvr1604hf-a-e
Subscribe
Dvr1604hf-al-e
Subscribe
Dvr1604hf-l-e
Subscribe
Dvr1604hf-s-e
Subscribe
Dvr1604hf-u-e
Subscribe
Dvr2104c
Subscribe
Dvr2104h
Subscribe
Dvr2104hc
Subscribe
Dvr2104he
Subscribe
Dvr2108c
Subscribe
Dvr2108h
Subscribe
Dvr2108hc
Subscribe
Dvr2108he
Subscribe
Dvr2116c
Subscribe
Dvr2116h
Subscribe
Dvr2116hc
Subscribe
Dvr2116he
Subscribe
Dvr2404hf-s
Subscribe
Dvr2404lf-al
Subscribe
Dvr2404lf-s
Subscribe
Dvr3204hf-s
Subscribe
Dvr3204lf-al
Subscribe
Dvr3204lf-s
Subscribe
Dvr3224l
Subscribe
Dvr3232l
Subscribe
Dvr5104c
Subscribe
Dvr5104h
Subscribe
Dvr5104he
Subscribe
Dvr5108c
Subscribe
Dvr5108h
Subscribe
Dvr5108he
Subscribe
Dvr5116c
Subscribe
Dvr5116h
Subscribe
Dvr5116he
Subscribe
Dvr5204a
Subscribe
Dvr5204l
Subscribe
Dvr5208a
Subscribe
Dvr5208l
Subscribe
Dvr5216a
Subscribe
Dvr5216l
Subscribe
Dvr5404
Subscribe
Dvr5408
Subscribe
Dvr5416
Subscribe
Dvr5804
Subscribe
Dvr5808
Subscribe
Dvr5816
Subscribe
Dvr6404lf-s
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2013-5590 | The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 |
|
History
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T17:47:41.217Z
Reserved: 2013-09-17T00:00:00Z
Link: CVE-2013-5754
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2013-09-17T12:04:28.820
Modified: 2025-04-11T00:51:21.963
Link: CVE-2013-5754
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses