{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206:*:*:*:*:*:*:*", "matchCriteriaId": "3F5669BA-5C1F-4F52-9D79-8776282E5A44", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420:*:*:*:*:*:*:*", "matchCriteriaId": "CA79412C-1BC8-4655-8436-E1A5717E6350", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715:*:*:*:*:*:*:*", "matchCriteriaId": "83F2F333-8891-4D55-90C4-6313276DE7D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921:*:*:*:*:*:*:*", "matchCriteriaId": "D8B600A3-09B2-4ABD-B186-BCFBF515D246", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409:*:*:*:*:*:*:*", "matchCriteriaId": "6C03BAA9-3FC9-469A-B1E5-62707976CBAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603:*:*:*:*:*:*:*", "matchCriteriaId": "B45C75C6-8C05-4329-A90F-0230E92B2ECF", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803:*:*:*:*:*:*:*", "matchCriteriaId": "33CB1BFB-1D29-4D39-948E-099D1CB4A154", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226:*:*:*:*:*:*:*", "matchCriteriaId": "5AF362C3-DA4A-4E7C-85D9-05940C69BBB7", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305:*:*:*:*:*:*:*", "matchCriteriaId": "E44881D9-EB60-477B-8B63-DE76F2E2EF2C", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321:*:*:*:*:*:*:*", "matchCriteriaId": "2D728DCB-8F1F-44F1-9F7D-E8D9C4D15A14", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr11hs:-:*:*:*:*:*:*:*", "matchCriteriaId": "E897BE3B-42DC-4818-974E-E0B4888E8C13", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015:*:*:*:*:*:*:*", "matchCriteriaId": "9B986666-C017-4F6E-81B4-00CB607BFA8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231:*:*:*:*:*:*:*", "matchCriteriaId": "130851B8-3EF5-4E9B-91F2-BBC2637854DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419:*:*:*:*:*:*:*", "matchCriteriaId": "4C8B4DD7-BFA0-4702-85EC-DDF6204B110C", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621:*:*:*:*:*:*:*", "matchCriteriaId": "EB77D367-6AB0-4D4C-9499-F4B1EB7CB45E", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724:*:*:*:*:*:*:*", "matchCriteriaId": "480879F4-B4CE-47B6-AEB3-3F2A3352764F", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205:*:*:*:*:*:*:*", "matchCriteriaId": "2ACE8717-A584-4744-8ED6-189EE125B45D", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "DA7E4FC4-9552-48BA-9A9D-4489CA923D37", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409:*:*:*:*:*:*:*", "matchCriteriaId": "42228E00-D80B-4B4C-A006-022EFC141B4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710:*:*:*:*:*:*:*", "matchCriteriaId": "0CC6C72D-7C18-4072-8498-A5264A9D81F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD4DEAC6-BAE1-4591-A687-008DBBC148D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "1070CF92-6AC4-4D1A-8122-2347468DE160", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "A8B48283-EC41-49E4-A6C6-B4FF3A9F0AEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw4x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D0B291B-A24A-4A4F-8449-872103F12B14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "801B77F7-BE17-4DE3-844D-5D528B916261", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "07D98F00-29B6-41A6-A8FD-4FA4C19338E3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw4x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF19BD61-B331-4EAF-8F08-EB9DCFEF01ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "24DCC8E6-3623-4A19-9434-2219ECEE52C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "7A2F64D9-6DA0-4088-BC44-FBD0562B0995", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw4x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "54666037-AEE9-4AA4-8FDE-AC7944D91FDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "CA374D52-FB4F-433B-8841-5886D13F9C8F", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "95A6D3CD-E051-4DD5-88FD-3674A9347A27", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hf5x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "253995B9-6787-4F11-A949-AA5FFAEF7119", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "D33C6F49-6687-40A8-A24B-324B13ED6ED8", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "20D1B4E9-F520-4A80-9BD0-148B958997A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hfw5x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "390E4C77-C40D-416B-8BED-260E444A0271", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "8B25302A-0E7D-4BD7-98FC-5E7B6832A660", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "C5827DC8-D95E-409A-AA40-59B3306FB115", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdw5x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "E23BA234-BE9C-40B4-AF21-EC0DC2E40F8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312:*:*:*:*:*:*:*", "matchCriteriaId": "DBAC30B4-19EA-4D2F-8E44-1795D118A904", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311:*:*:*:*:*:*:*", "matchCriteriaId": "25F0821A-852B-4EC7-A5F8-6536400F9237", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hdbw5x00:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EC94754-E15D-42C8-A8B2-C5D1C3595DA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de actualizaci\u00f3n de firmware en Dahua IPC-HDW4300S y algunos productos IP. La vulnerabilidad fue provocada por la funci\u00f3n interna de depuraci\u00f3n. Esta funci\u00f3n en particular fue empleada para analizar problemas y ajustar el rendimiento durante la fase de desarrollo del producto. Permit\u00eda que el dispositivo reciba solo datos espec\u00edficos (una direcci\u00f3n, sin transmitir) y, por lo tanto, no estaba implicada en ninguna instancia de recolecci\u00f3n de datos privados del usuario o de permisi\u00f3n de ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2017-9316", "lastModified": "2024-11-21T03:35:49.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-27T17:29:00.207", "references": [{"source": "cybersecurity@dahuatech.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}
MITRE
Vulnrichment
NVD
Redhat