Lucene search

[email protected]CVE-2017-6341

HistoryFeb 27, 2017 - 7:59 a.m.

CVE-2017-6341

2017-02-2707:59:00

CWE-319

[email protected]

web.nvd.nist.gov

cve-2017-6341

dahua

dhi-hcvr7216a-s3

nvr firmware

camera firmware

smartpss software

cleartext passwords

remote attack

network sniffing

sensitive information

vulnerability

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

8.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.9%

JSON

Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.

CPENameOperatorVersion
dahuasecurity:camera_firmwaredahuasecurity camera firmwareeq2.400.0000.28.r
dahuasecurity:nvr_firmwaredahuasecurity nvr firmwareeq3.210.0001.10
dahuasecurity:smartpss_firmwaredahuasecurity smartpss firmwareeq1.16.1

CPE	Name	Operator	Version
dahuasecurity:camera_firmware	dahuasecurity camera firmware	eq	2.400.0000.28.r
dahuasecurity:nvr_firmware	dahuasecurity nvr firmware	eq	3.210.0001.10
dahuasecurity:smartpss_firmware	dahuasecurity smartpss firmware	eq	1.16.1