5 matches found
CVE-2013-3612
CVE-2013-3612 affects Dahua DVR appliances, where a hardcoded password exists for the root account and an unspecified backdoor account. This facilitates administrative access by remote attackers via authorization requests using (a) ActiveX, (b) a standalone client, or (c) other vectors. The Conne...
CVE-2013-3613
CVE-2013-3613 affects Dahua DVR appliances. UPnP requests from untrusted addresses are not properly restricted, enabling remote attackers to obtain access via vectors involving a replay attack against the TELNET port (administrative service on TCP 37777 by default). Root cause is inadequate acces...
CVE-2013-3614
Dahua DVR appliances are affected by CVE-2013-3614: the maximum password length is too small, enabling easier remote brute‑force access. Documents describe an authentication-related weakness impacting Dahua DVRs, including the service on TCP port 37777 and the potential for password‑related compr...
CVE-2013-5754
CVE-2013-5754 affects Dahua DVR appliances. The authorization implementation accepts a hash string representing the current date as a master password, enabling remote attackers to obtain administrative access and change the administrator password via requests over ActiveX, a standalone client, or...
CVE-2013-3615
The CVE-2013-3615 vulnerability affects Dahua DVR appliances (and rebranded variants), where a password-hash algorithm uses a short hash length, enabling context-dependent attackers to brute-force and recover cleartext passwords. This weakness resides in the device’s credential protection mechani...