{"containers": {"cna": {"affected": [{"product": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras", "vendor": "n/a", "versions": [{"status": "affected", "version": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras"}]}], "datePublic": "2017-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-836", "description": "CWE-836", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-05-08T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02"}, {"tags": ["x_refsource_MISC"], "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"}, {"name": "98312", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98312"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-7927", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras", "version": {"version_data": [{"version_value": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-836"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02"}, {"name": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php", "refsource": "MISC", "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"}, {"name": "98312", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98312"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:19:29.227Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"}, {"name": "98312", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98312"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-7927", "datePublished": "2017-05-06T00:00:00", "dateReserved": "2017-04-18T00:00:00", "dateUpdated": "2024-08-05T16:19:29.227Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0424BCE7-4A55-4D30-97CB-37AFCDD5688D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw23a0rn-zs:-:*:*:*:*:*:*:*", "matchCriteriaId": "E726BD6A-A7FA-45AC-867B-6BD0EC59A3A2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EC38F14-5327-4B0B-B1C6-9E4209CD6B1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdbw13a0sn:-:*:*:*:*:*:*:*", "matchCriteriaId": "702164AC-DF8D-4929-AB36-9B57F26FFAA4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8CCBCC8-CFCC-4A58-A696-34CADA02CD54", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw1xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "90E0A454-1155-4AEE-AC50-D786D1381248", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9DD0D587-30A2-4EAA-8A54-13D59A7521B8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw2xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "73D5FE44-6E68-4EFE-A5EA-41CB6F89260F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "04E4FEB2-C460-478D-B716-7DD28B2237DD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hdw4xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "70D258A3-BE73-4F6C-8056-06D728466D37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C73CD7AB-3473-4F31-A16A-B2ACC1E5115A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw1xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "48D8AD60-2A49-4A41-A450-8E605DCAB937", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "12C9A4E4-8637-4B38-81FC-2A9B5BB694FB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw2xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF98B8DF-C3FA-4AC4-94B0-F25F2259EE77", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E439A7FB-1880-449A-8163-354B1919F5F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-ipc-hfw4xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "22CB4C66-9F55-42FE-A7CC-6B07D190BD66", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-sd6cxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1E29C82-D1B0-49BA-8BF3-BEFA1F1CE565", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-sd6cxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "4835E073-E3BE-4400-964F-DCAD78CCBF57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-nvr1xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "64C5DE2D-C012-4654-9D52-C2221CA0B1A9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-nvr1xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BA0D45E-E01F-469F-A50C-49497AD060C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-hcvr4xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D801AC9C-5EB2-415F-915F-1633E0679F40", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ddh-hcvr4xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "30960189-9488-4047-A5EA-427C54E462FD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dh-hcvr5xxx_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CC32657-CFB0-4500-858C-7A32E59C555F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dh-hcvr5xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "B89DF4CA-78CA-404E-8B8D-042CAC45C0C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a04he-s3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FAA72C3-5743-48EE-9CB1-0D4E9BAF1722", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a04he-s3:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF321A00-A2B6-4D5F-99D7-C654B3247F81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-hcvr51a08he-s3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C059F7B-6951-44FE-B970-C629556FB114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-hcvr51a08he-s3:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A37D238-2574-4277-8135-06D5C46D4517", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-hcvr58a32s-s2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7B958A3-8CA0-44F9-ACA6-941513AEA6AE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-hcvr58a32s-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F0AB530-EDF8-4711-BE0F-A61D4FC19212", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password."}, {"lang": "es", "value": "Un problema de Uso del Hash de Contrase\u00f1a en Lugar de Contrase\u00f1a para Autenticaci\u00f3n se detect\u00f3 en c\u00e1maras DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3 y DHI-HCVR58A32S-S2, de Dahua. Se identific\u00f3 el uso de hash de contrase\u00f1a en lugar de la contrase\u00f1a para la vulnerabilidad de autenticaci\u00f3n, lo que podr\u00eda permitir a un usuario malicioso omitir la autenticaci\u00f3n sin obtener la contrase\u00f1a actual."}], "id": "CVE-2017-7927", "lastModified": "2024-11-21T03:32:58.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-06T00:29:00.460", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Vendor Advisory"], "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98312"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98312"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-836"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}