31 matches found
EUVD-2013-3547
Malware in sbrugna...
EUVD-2013-5590
Malware in sbrugna...
EUVD-2017-15489
Malware in sbrugna...
EUVD-2013-3548
Malware in sbrugna...
EUVD-2013-3549
Malware in sbrugna...
CVE-2013-3613
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port...
CVE-2013-3614
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2013-3612
Dahua DVR appliances have a hardcoded password for 1 the root account and 2 an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving a ActiveX, b a standalone client, or c unknown other vectors...
CVE-2013-3615
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack...
CVE-2013-5754
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving 1 ActiveX, 2 a...
Dahua Security Digital Video Recorders Credentials Management Errors (CVE-2013-3615)
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Dahua Security Digital Video Recorders Improper Authentication (CVE-2013-3613)
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Dahua Security Digital Video Recorders Permissions, Privileges, and Access Controls (CVE-2013-3614)
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900...
Dahua DVR Authentication Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule %qDahua DVR Auth Bypass Scanner, 'Description' = %qScans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and...
Information disclosure
An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of...
CVE-2017-6432
An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of...
Dahua DVR Auth Bypass Scanner
Scans for Dahua-based DVRs and then grabs settings. Optionally resets a user's password and clears the device logs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule %qDahua DVR Auth Bypass Scanner...
CVE-2013-6117
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777...
Authentication flaw
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777...
CVE-2013-6117
CVE-2013-6117 affects Dahua DVRs (firmware in the 2.6xx range) and is an authentication bypass that can be triggered over TCP port 37777. The issue enables remote attackers to bypass login, obtain user credentials, change passwords, clear logs, and perform other actions as described in the primar...