Lucene search
CertccCVE-2013-3613HistorySep 17, 2013 - 12:04 p.m.
CVE-2013-3613
2013-09-1712:04:24
CWE-287
certcc
web.nvd.nist.gov
43
dahua
dvr
upnp
vulnerability
remote access
replay attack
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.006
Percentile
79.1%
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
Affected configurations
Node
dahuasecuritydvr0404hd-aMatch-
ORdahuasecuritydvr0404hd-lMatch-
ORdahuasecuritydvr0404hd-sMatch-
ORdahuasecuritydvr0404hd-uMatch-
ORdahuasecuritydvr0404hf-a-eMatch-
ORdahuasecuritydvr0404hf-al-eMatch-
ORdahuasecuritydvr0404hf-s-eMatch-
ORdahuasecuritydvr0404hf-u-eMatch-
ORdahuasecuritydvr0804Match-
ORdahuasecuritydvr0804hd-lMatch-
ORdahuasecuritydvr0804hd-sMatch-
ORdahuasecuritydvr0804hf-a-eMatch-
ORdahuasecuritydvr0804hf-al-eMatch-
ORdahuasecuritydvr0804hf-l-eMatch-
ORdahuasecuritydvr0804hf-s-eMatch-
ORdahuasecuritydvr0804hf-u-eMatch-
ORdahuasecuritydvr1604hd-lMatch-
ORdahuasecuritydvr1604hd-sMatch-
ORdahuasecuritydvr1604hf-a-eMatch-
ORdahuasecuritydvr1604hf-al-eMatch-
ORdahuasecuritydvr1604hf-l-eMatch-
ORdahuasecuritydvr1604hf-s-eMatch-
ORdahuasecuritydvr1604hf-u-eMatch-
ORdahuasecuritydvr2104cMatch-
ORdahuasecuritydvr2104hMatch-
ORdahuasecuritydvr2104hcMatch-
ORdahuasecuritydvr2104heMatch-
ORdahuasecuritydvr2108cMatch-
ORdahuasecuritydvr2108hMatch-
ORdahuasecuritydvr2108hcMatch-
ORdahuasecuritydvr2108heMatch-
ORdahuasecuritydvr2116cMatch-
ORdahuasecuritydvr2116hMatch-
ORdahuasecuritydvr2116hcMatch-
ORdahuasecuritydvr2116heMatch-
ORdahuasecuritydvr2404hf-sMatch-
ORdahuasecuritydvr2404lf-alMatch-
ORdahuasecuritydvr2404lf-sMatch-
ORdahuasecuritydvr3204hf-sMatch-
ORdahuasecuritydvr3204lf-alMatch-
ORdahuasecuritydvr3204lf-sMatch-
ORdahuasecuritydvr3224lMatch-
ORdahuasecuritydvr3232lMatch-
ORdahuasecuritydvr5104cMatch-
ORdahuasecuritydvr5104hMatch-
ORdahuasecuritydvr5104heMatch-
ORdahuasecuritydvr5108cMatch-
ORdahuasecuritydvr5108hMatch-
ORdahuasecuritydvr5108heMatch-
ORdahuasecuritydvr5116cMatch-
ORdahuasecuritydvr5116hMatch-
ORdahuasecuritydvr5116heMatch-
ORdahuasecuritydvr5204aMatch-
ORdahuasecuritydvr5204lMatch-
ORdahuasecuritydvr5208aMatch-
ORdahuasecuritydvr5208lMatch-
ORdahuasecuritydvr5216aMatch-
ORdahuasecuritydvr5216lMatch-
ORdahuasecuritydvr5404Match-
ORdahuasecuritydvr5408Match-
ORdahuasecuritydvr5416Match-
ORdahuasecuritydvr5804Match-
ORdahuasecuritydvr5808Match-
ORdahuasecuritydvr5816Match-
ORdahuasecuritydvr6404lf-sMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dahuasecurity | dvr0404hd-a | - | cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hd-l | - | cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hd-s | - | cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hd-u | - | cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hf-a-e | - | cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hf-al-e | - | cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hf-s-e | - | cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0404hf-u-e | - | cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0804 | - | cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:* |
| dahuasecurity | dvr0804hd-l | - | cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:* |
References
Related
nvd
nvd
CVE-2013-3613
2013-09-17 12:04:24
cvelist
cvelist
CVE-2013-3613
2013-09-17 10:00:00
prion
prion
Design/Logic Flaw
2013-09-17 12:04:00
cert
cert
Dahua Security DVRs contain multiple vulnerabilities
2013-09-13 00:00:00
seebug
seebug
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass
2014-07-01 00:00:00
exploitdb
exploitdb
Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass (Metasploit)
2013-11-18 00:00:00
exploitpack
exploitpack
Dahua DVR 2.608.0000.02.608.GV00.0 - Authentication Bypass (Metasploit)
2013-11-18 00:00:00
securityvulns
securityvulns
Dahua DVR authentication bypass
2013-11-18 00:00:00
Dahua DVR Authentication Bypass - CVE-2013-6117
2013-11-18 00:00:00
zdt
zdt
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass
2013-11-19 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.006
Percentile
79.1%
Related for CVE-2013-3613