{"containers": {"cna": {"affected": [{"product": "IPC-HDW4300S\\NVR11HS\\IPC-HFW4X00\\IPC-HDW4X00\\IPC-HDBW4X00\\IPC-HF5X00\\IPC-HFW5X00\\IPC-HDW5X00\\IPC-HDBW5X00\\NVR11HS", "vendor": "Dahua Technologies", "versions": [{"status": "affected", "version": "References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}]}], "datePublic": "2017-11-18T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution."}], "problemTypes": [{"descriptions": [{"description": "Firmware upgrade authentication bypass vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-27T16:57:01.000Z", "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "shortName": "dahua"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@dahuatech.com", "DATE_PUBLIC": "2017-11-18T00:00:00", "ID": "CVE-2017-9316", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IPC-HDW4300S\\NVR11HS\\IPC-HFW4X00\\IPC-HDW4X00\\IPC-HDBW4X00\\IPC-HF5X00\\IPC-HFW5X00\\IPC-HDW5X00\\IPC-HDBW5X00\\NVR11HS", "version": {"version_data": [{"version_value": "References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}]}}]}, "vendor_name": "Dahua Technologies"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Firmware upgrade authentication bypass vulnerability"}]}]}, "references": {"reference_data": [{"name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html", "refsource": "CONFIRM", "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:02:44.338Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}]}]}, "cveMetadata": {"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "assignerShortName": "dahua", "cveId": "CVE-2017-9316", "datePublished": "2017-11-27T17:00:00.000Z", "dateReserved": "2017-05-30T00:00:00.000Z", "dateUpdated": "2024-09-16T22:29:39.302Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206:*:*:*:*:*:*:*", "matchCriteriaId": "3F5669BA-5C1F-4F52-9D79-8776282E5A44", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420:*:*:*:*:*:*:*", "matchCriteriaId": "CA79412C-1BC8-4655-8436-E1A5717E6350", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715:*:*:*:*:*:*:*", "matchCriteriaId": "83F2F333-8891-4D55-90C4-6313276DE7D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921:*:*:*:*:*:*:*", "matchCriteriaId": "D8B600A3-09B2-4ABD-B186-BCFBF515D246", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409:*:*:*:*:*:*:*", "matchCriteriaId": "6C03BAA9-3FC9-469A-B1E5-62707976CBAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603:*:*:*:*:*:*:*", "matchCriteriaId": "B45C75C6-8C05-4329-A90F-0230E92B2ECF", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803:*:*:*:*:*:*:*", "matchCriteriaId": "33CB1BFB-1D29-4D39-948E-099D1CB4A154", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226:*:*:*:*:*:*:*", "matchCriteriaId": "5AF362C3-DA4A-4E7C-85D9-05940C69BBB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305:*:*:*:*:*:*:*", "matchCriteriaId": "E44881D9-EB60-477B-8B63-DE76F2E2EF2C", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321:*:*:*:*:*:*:*", "matchCriteriaId": "2D728DCB-8F1F-44F1-9F7D-E8D9C4D15A14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr11hs:-:*:*:*:*:*:*:*", "matchCriteriaId": "E897BE3B-42DC-4818-974E-E0B4888E8C13", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015:*:*:*:*:*:*:*", "matchCriteriaId": "9B986666-C017-4F6E-81B4-00CB607BFA8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231:*:*:*:*:*:*:*", "matchCriteriaId": "130851B8-3EF5-4E9B-91F2-BBC2637854DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419:*:*:*:*:*:*:*", "matchCriteriaId": "4C8B4DD7-BFA0-4702-85EC-DDF6204B110C", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621:*:*:*:*:*:*:*", "matchCriteriaId": "EB77D367-6AB0-4D4C-9499-F4B1EB7CB45E", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724:*:*:*:*:*:*:*", "matchCriteriaId": "480879F4-B4CE-47B6-AEB3-3F2A3352764F", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205:*:*:*:*:*:*:*", "matchCriteriaId": "2ACE8717-A584-4744-8ED6-189EE125B45D", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "DA7E4FC4-9552-48BA-9A9D-4489CA923D37", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409:*:*:*:*:*:*:*", "matchCriteriaId": "42228E00-D80B-4B4C-A006-022EFC141B4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710:*:*:*:*:*:*:*", "matchCriteriaId": "0CC6C72D-7C18-4072-8498-A5264A9D81F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD4DEAC6-BAE1-4591-A687-008DBBC148D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "1070CF92-6AC4-4D1A-8122-2347468DE160", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "A8B48283-EC41-49E4-A6C6-B4FF3A9F0AEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D0B291B-A24A-4A4F-8449-872103F12B14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "801B77F7-BE17-4DE3-844D-5D528B916261", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "07D98F00-29B6-41A6-A8FD-4FA4C19338E3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF19BD61-B331-4EAF-8F08-EB9DCFEF01ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "24DCC8E6-3623-4A19-9434-2219ECEE52C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "7A2F64D9-6DA0-4088-BC44-FBD0562B0995", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "54666037-AEE9-4AA4-8FDE-AC7944D91FDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "CA374D52-FB4F-433B-8841-5886D13F9C8F", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "95A6D3CD-E051-4DD5-88FD-3674A9347A27", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hf5x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "253995B9-6787-4F11-A949-AA5FFAEF7119", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "D33C6F49-6687-40A8-A24B-324B13ED6ED8", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "20D1B4E9-F520-4A80-9BD0-148B958997A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "390E4C77-C40D-416B-8BED-260E444A0271", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "8B25302A-0E7D-4BD7-98FC-5E7B6832A660", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "C5827DC8-D95E-409A-AA40-59B3306FB115", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "E23BA234-BE9C-40B4-AF21-EC0DC2E40F8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "DBAC30B4-19EA-4D2F-8E44-1795D118A904", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "25F0821A-852B-4EC7-A5F8-6536400F9237", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw5x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EC94754-E15D-42C8-A8B2-C5D1C3595DA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de actualizaci\u00f3n de firmware en Dahua IPC-HDW4300S y algunos productos IP. La vulnerabilidad fue provocada por la funci\u00f3n interna de depuraci\u00f3n. Esta funci\u00f3n en particular fue empleada para analizar problemas y ajustar el rendimiento durante la fase de desarrollo del producto. Permit\u00eda que el dispositivo reciba solo datos espec\u00edficos (una direcci\u00f3n, sin transmitir) y, por lo tanto, no estaba implicada en ninguna instancia de recolecci\u00f3n de datos privados del usuario o de permisi\u00f3n de ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2017-9316", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-27T17:29:00.207", "references": [{"source": "cybersecurity@dahuatech.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}