Search
Find a vulnerability
Search criteria
11 vulnerabilities found for dvr0804hf-a-e by dahuasecurity
VAR-201309-0168
Vulnerability from variot - Updated: 2025-04-11 23:04Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Digital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Dahua Security DVR Appliances accept UPnP requests from external untrusted devices, which can cause the telnet port of the DVR application device to be automatically redirected and accessed by external entities. These default conditions allow external attackers to detect the device and use the built-in account to authenticate. Access the device. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dvr2104hc",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2116he",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5216l",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2104c",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2108he",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5204a",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2116c",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2116hc",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2108c",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2108hc",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-s-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5104he",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-u-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5116c",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-a",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hd-l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-al-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hf-a-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5204l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5116he",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2108h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-l-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5108he",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2116h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-l-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5208a",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr6404lf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2404lf-al",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-u",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5104h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5108c",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5216a",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5808",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-a-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5816",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-s-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2404hf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hf-u-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5104c",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5404",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-al-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hf-s-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5408",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5108h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5804",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2104h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hf-u-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hf-a-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3204lf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2104he",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5208l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr2404lf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3204hf-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5416",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0804hd-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3204lf-al",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr5116h",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hf-al-e",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hd-l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3232l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr1604hd-s",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr3224l",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dvr0404hd-a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hd-l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hd-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hd-u",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hf-a-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hf-al-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hf-s-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0404hf-u-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hd-l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hd-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-a-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-al-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-l-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-s-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr0804hf-u-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hd-l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hd-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-a-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-al-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-l-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-s-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr1604hf-u-e",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2104c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2104h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2104hc",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2104he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2108c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2108h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2108hc",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2108he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2116c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2116h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2116hc",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2116he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2404hf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2404lf-al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr2404lf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3204hf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3204lf-al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3204lf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3224l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr3232l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5104c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5104h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5104he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5108c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5108h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5108he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5116c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5116h",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5116he",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5204a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5204l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5208a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5208l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5216a",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5216l",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5404",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5408",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5416",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5804",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5808",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr5816",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dvr6404lf-s",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "security dvr appliances",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0404hd-a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0404hd-l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0404hd-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0404hd-u",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0404hf-a-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0404hf-al-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0404hf-s-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0404hf-u-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0804",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0804hd-l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0804hd-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0804hf-a-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0804hf-al-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0804hf-l-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0804hf-s-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr0804hf-u-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr1604hd-l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr1604hd-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr1604hf-a-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr1604hf-al-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr1604hf-l-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr1604hf-s-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr1604hf-u-e",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2104c",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2104h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2104hc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2104he",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2108c",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2108h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2108hc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2108he",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2116c",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2116h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2116hc",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2116he",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2404hf-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2404lf-al",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr2404lf-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr3204hf-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr3204lf-al",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr3204lf-s",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr3224l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr3232l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5104c",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5104h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5104he",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5108c",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5108h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5108he",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5116c",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5116h",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5116he",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5204a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5204l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5208a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5208l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5216a",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5216l",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5404",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5408",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5416",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5804",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5808",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr5816",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:dahuasecurity:dvr6404lf-s",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrey Bezborodov, Kirill Ermakov, Alexander Raspopov, and Dmitry Sklyarov of Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "62402"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3613",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3613",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-13179",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3613",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-3613",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2013-13179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-263",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Digital video recorders (DVR) produced by Dahua Technology Co., Ltd. contain multiple vulnerabilities that could allow a remote attacker to gain privileged access to the devices. Dahua Security DVR Appliances accept UPnP requests from external untrusted devices, which can cause the telnet port of the DVR application device to be automatically redirected and accessed by external entities. These default conditions allow external attackers to detect the device and use the built-in account to authenticate. Access the device. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3613"
},
{
"db": "CERT/CC",
"id": "VU#800094"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "BID",
"id": "62402"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#800094",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2013-3613",
"trust": 3.3
},
{
"db": "BID",
"id": "62402",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU99181254",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2013-13179",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#800094"
},
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "BID",
"id": "62402"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"id": "VAR-201309-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13179"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13179"
}
]
},
"last_update_date": "2025-04-11T23:04:04.757000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/800094"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://www.dahuasecurity.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3613"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99181254"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3613"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62402"
},
{
"trust": 0.3,
"url": "http://www.dahuasecurity.com/products_category/dvr-2.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#800094"
},
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "BID",
"id": "62402"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#800094"
},
{
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"db": "BID",
"id": "62402"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
},
{
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-13T00:00:00",
"db": "CERT/CC",
"id": "VU#800094"
},
{
"date": "2013-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"date": "2013-09-13T00:00:00",
"db": "BID",
"id": "62402"
},
{
"date": "2013-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"date": "2013-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-263"
},
{
"date": "2013-09-17T12:04:24.757000",
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-04T00:00:00",
"db": "CERT/CC",
"id": "VU#800094"
},
{
"date": "2013-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13179"
},
{
"date": "2013-09-13T00:00:00",
"db": "BID",
"id": "62402"
},
{
"date": "2013-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004184"
},
{
"date": "2017-05-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-263"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3613"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dahua Security DVRs contain multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#800094"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-263"
}
],
"trust": 0.6
}
}
CVE-2013-5754 (GCVE-0-2013-5754)
Vulnerability from nvd – Published: 2013-09-17 10:00 – Updated: 2024-09-16 17:47
VLAI
Summary
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:30.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5754",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-09-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:47:41.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3615 (GCVE-0-2013-3615)
Vulnerability from nvd – Published: 2013-09-17 10:00 – Updated: 2024-09-16 23:26
VLAI
Summary
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3615",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:26:38.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3614 (GCVE-0-2013-3614)
Vulnerability from nvd – Published: 2013-09-17 10:00 – Updated: 2024-09-17 03:02
VLAI
Summary
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3614",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:02:59.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3613 (GCVE-0-2013-3613)
Vulnerability from nvd – Published: 2013-09-17 10:00 – Updated: 2024-09-16 18:33
VLAI
Summary
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3613",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:47.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3612 (GCVE-0-2013-3612)
Vulnerability from nvd – Published: 2013-09-17 10:00 – Updated: 2024-09-16 22:44
VLAI
Summary
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified \"backdoor\" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified \"backdoor\" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3612",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:44:59.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5754 (GCVE-0-2013-5754)
Vulnerability from cvelistv5 – Published: 2013-09-17 10:00 – Updated: 2024-09-16 17:47
VLAI
Summary
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:30.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5754",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-09-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:47:41.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3615 (GCVE-0-2013-3615)
Vulnerability from cvelistv5 – Published: 2013-09-17 10:00 – Updated: 2024-09-16 23:26
VLAI
Summary
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3615",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:26:38.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3614 (GCVE-0-2013-3614)
Vulnerability from cvelistv5 – Published: 2013-09-17 10:00 – Updated: 2024-09-17 03:02
VLAI
Summary
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3614",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:02:59.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3613 (GCVE-0-2013-3613)
Vulnerability from cvelistv5 – Published: 2013-09-17 10:00 – Updated: 2024-09-16 18:33
VLAI
Summary
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3613",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:47.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3612 (GCVE-0-2013-3612)
Vulnerability from cvelistv5 – Published: 2013-09-17 10:00 – Updated: 2024-09-16 22:44
VLAI
Summary
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/800094 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified \"backdoor\" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-17T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#800094",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/800094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified \"backdoor\" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#800094",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/800094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3612",
"datePublished": "2013-09-17T10:00:00.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:44:59.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}