Dvr0404hf-s-e Security Vulnerabilities and Issues — Dvr0404hf-s-e CVE List

Lucene search

DahuasecurityDvr0404hf-s-e

5 matches found

CVE•added 2013/09/17 12:4 p.m.•103 views

CVE-2013-3612

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

10CVSS6.8AI score0.09226EPSS

CVE•added 2013/09/17 12:4 p.m.•63 views

CVE-2013-3613

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.

7.8CVSS6.5AI score0.08487EPSS

CVE•added 2013/09/17 12:4 p.m.•53 views

CVE-2013-3614

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.

9.3CVSS6.7AI score0.08179EPSS

CVE•added 2013/09/17 12:4 p.m.•52 views

CVE-2013-3615

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.

7.8CVSS6.4AI score0.0652EPSS

CVE•added 2013/09/17 12:4 p.m.•50 views

CVE-2013-5754

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a ...

10CVSS6.8AI score0.09226EPSS