Lucene search

[email protected]CVE-2017-7927

HistoryMay 06, 2017 - 12:29 a.m.

CVE-2017-7927

2017-05-0600:29:00

CWE-798

CWE-836

[email protected]

web.nvd.nist.gov

cve-2017-7927

authentication issue

dahua

security vulnerability

password hash

bypass authentication

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.9 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.2%

JSON

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.

Affected configurations

NVD

Node

dahuasecuritydh-ipc-hdbw23a0rn-zs_firmwareMatch-

AND

dahuasecuritydh-ipc-hdbw23a0rn-zsMatch-

Node

dahuasecuritydh-ipc-hdbw13a0sn_firmwareMatch-

AND

dahuasecuritydh-ipc-hdbw13a0snMatch-

Node

dahuasecuritydh-ipc-hdw1xxx_firmwareMatch-

AND

dahuasecuritydh-ipc-hdw1xxxMatch-

Node

dahuasecuritydh-ipc-hdw2xxx_firmwareMatch-

AND

dahuasecuritydh-ipc-hdw2xxxMatch-

Node

dahuasecuritydh-ipc-hdw4xxx_firmwareMatch-

AND

dahuasecuritydh-ipc-hdw4xxxMatch-

Node

dahuasecuritydh-ipc-hfw1xxx_firmwareMatch-

AND

dahuasecuritydh-ipc-hfw1xxxMatch-

Node

dahuasecuritydh-ipc-hfw2xxx_firmwareMatch-

AND

dahuasecuritydh-ipc-hfw2xxxMatch-

Node

dahuasecuritydh-ipc-hfw4xxx_firmwareMatch-

AND

dahuasecuritydh-ipc-hfw4xxxMatch-

Node

dahuasecuritydh-sd6cxx_firmwareMatch-

AND

dahuasecuritydh-sd6cxxMatch-

Node

dahuasecuritydh-nvr1xxx_firmwareMatch-

AND

dahuasecuritydh-nvr1xxxMatch-

Node

dahuasecuritydh-hcvr4xxx_firmwareMatch-

AND

dahuasecurityddh-hcvr4xxxMatch-

Node

dahuasecuritydh-hcvr5xxx_firmwareMatch-

AND

dahuasecuritydh-hcvr5xxxMatch-

Node

dahuasecuritydhi-hcvr51a04he-s3_firmwareMatch-

AND

dahuasecuritydhi-hcvr51a04he-s3Match-

Node

dahuasecuritydhi-hcvr51a08he-s3_firmwareMatch-

AND

dahuasecuritydhi-hcvr51a08he-s3Match-

Node

dahuasecuritydhi-hcvr58a32s-s2_firmwareMatch-

AND

dahuasecuritydhi-hcvr58a32s-s2Match-

CPENameOperatorVersion
dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmwaredahuasecurity dh-ipc-hdbw23a0rn-zs firmwareeq-

CPE	Name	Operator	Version
dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware	dahuasecurity dh-ipc-hdbw23a0rn-zs firmware	eq	-

CNA Affected

[
  {
    "product": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras"
      }
    ]
  }
]

References

us.dahuasecurity.com/en/us/Security-Bulletin_030617.php

www.securityfocus.com/bid/98312

ics-cert.us-cert.gov/advisories/ICSA-17-124-02

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.9 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2017-7927

nvd1 cvelist1 prion1 ics1 threatpost1 openvas1