Lucene search
CertccCVE-2013-3612HistorySep 17, 2013 - 12:04 p.m.
CVE-2013-3612
2013-09-1712:04:24
CWE-255
certcc
web.nvd.nist.gov
60
dahua
dvr
appliances
hardcoded password
backdoor
remote access
vulnerability
cve-2013-3612
nvd
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
71.1%
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified “backdoor” account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or © unknown other vectors.
Affected configurations
Node
dahuasecuritydvr0404hd-aMatch-
ORdahuasecuritydvr0404hd-lMatch-
ORdahuasecuritydvr0404hd-sMatch-
ORdahuasecuritydvr0404hd-uMatch-
ORdahuasecuritydvr0404hf-a-eMatch-
ORdahuasecuritydvr0404hf-al-eMatch-
ORdahuasecuritydvr0404hf-s-eMatch-
ORdahuasecuritydvr0404hf-u-eMatch-
ORdahuasecuritydvr0804Match-
ORdahuasecuritydvr0804hd-lMatch-
ORdahuasecuritydvr0804hd-sMatch-
ORdahuasecuritydvr0804hf-a-eMatch-
ORdahuasecuritydvr0804hf-al-eMatch-
ORdahuasecuritydvr0804hf-l-eMatch-
ORdahuasecuritydvr0804hf-s-eMatch-
ORdahuasecuritydvr0804hf-u-eMatch-
ORdahuasecuritydvr1604hd-lMatch-
ORdahuasecuritydvr1604hd-sMatch-
ORdahuasecuritydvr1604hf-a-eMatch-
ORdahuasecuritydvr1604hf-al-eMatch-
ORdahuasecuritydvr1604hf-l-eMatch-
ORdahuasecuritydvr1604hf-s-eMatch-
ORdahuasecuritydvr1604hf-u-eMatch-
ORdahuasecuritydvr2104cMatch-
ORdahuasecuritydvr2104hMatch-
ORdahuasecuritydvr2104hcMatch-
ORdahuasecuritydvr2104heMatch-
ORdahuasecuritydvr2108cMatch-
ORdahuasecuritydvr2108hMatch-
ORdahuasecuritydvr2108hcMatch-
ORdahuasecuritydvr2108heMatch-
ORdahuasecuritydvr2116cMatch-
ORdahuasecuritydvr2116hMatch-
ORdahuasecuritydvr2116hcMatch-
ORdahuasecuritydvr2116heMatch-
ORdahuasecuritydvr2404hf-sMatch-
ORdahuasecuritydvr2404lf-alMatch-
ORdahuasecuritydvr2404lf-sMatch-
ORdahuasecuritydvr3204hf-sMatch-
ORdahuasecuritydvr3204lf-alMatch-
ORdahuasecuritydvr3204lf-sMatch-
ORdahuasecuritydvr3224lMatch-
ORdahuasecuritydvr3232lMatch-
ORdahuasecuritydvr5104cMatch-
ORdahuasecuritydvr5104hMatch-
ORdahuasecuritydvr5104heMatch-
ORdahuasecuritydvr5108cMatch-
ORdahuasecuritydvr5108hMatch-
ORdahuasecuritydvr5108heMatch-
ORdahuasecuritydvr5116cMatch-
ORdahuasecuritydvr5116hMatch-
ORdahuasecuritydvr5116heMatch-
ORdahuasecuritydvr5204aMatch-
ORdahuasecuritydvr5204lMatch-
ORdahuasecuritydvr5208aMatch-
ORdahuasecuritydvr5208lMatch-
ORdahuasecuritydvr5216aMatch-
ORdahuasecuritydvr5216lMatch-
ORdahuasecuritydvr5404Match-
ORdahuasecuritydvr5408Match-
ORdahuasecuritydvr5416Match-
ORdahuasecuritydvr5804Match-
ORdahuasecuritydvr5808Match-
ORdahuasecuritydvr5816Match-
ORdahuasecuritydvr6404lf-sMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dahuasecurity | dvr0404hd-a | - | cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hd-l | - | cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hd-s | - | cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hd-u | - | cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hf-a-e | - | cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hf-al-e | - | cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hf-s-e | - | cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hf-u-e | - | cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0804 | - | cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0804hd-l | - | cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:* |
References
Related
nvd
nvd
CVE-2013-3612
2013-09-17 12:04:24
CVE-2013-5754
2013-09-17 12:04:28
cvelist
cvelist
CVE-2013-3612
2013-09-17 10:00:00
CVE-2013-5754
2013-09-17 10:00:00
prion
prion
Hardcoded credentials
2013-09-17 12:04:00
Authorization
2013-09-17 12:04:00
cve
cve
CVE-2013-5754
2013-09-17 12:04:28
cert
cert
Dahua Security DVRs contain multiple vulnerabilities
2013-09-13 00:00:00
seebug
seebug
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass
2014-07-01 00:00:00
exploitdb
exploitdb
Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit)
2013-11-18 00:00:00
exploitpack
exploitpack
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass (Metasploit)
2013-11-18 00:00:00
securityvulns
securityvulns
Dahua DVR authentication bypass
2013-11-18 00:00:00
Dahua DVR Authentication Bypass - CVE-2013-6117
2013-11-18 00:00:00
zdt
zdt
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass
2013-11-19 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.8
Confidence
Low
EPSS
0.003
Percentile
71.1%
Related for CVE-2013-3612