Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ipc-hdbw5xxx_firmware by dahuasecurity

    CVE-2017-9317 (GCVE-0-2017-9317)

    Vulnerability from nvd – Published: 2018-05-23 15:00 – Updated: 2024-09-16 19:36
    VLAI
    Summary
    Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Date Public
    2018-03-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.373Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
              "vendor": "Dahua Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "Build before 2017/09"
                }
              ]
            }
          ],
          "datePublic": "2018-03-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-23T14:57:01.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "DATE_PUBLIC": "2018-03-16T00:00:00",
              "ID": "CVE-2017-9317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Build before 2017/09"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dahua Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337",
                  "refsource": "CONFIRM",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2017-9317",
        "datePublished": "2018-05-23T15:00:00.000Z",
        "dateReserved": "2017-05-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:50.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9315 (GCVE-0-2017-9315)

    Vulnerability from nvd – Published: 2017-11-28 19:00 – Updated: 2024-09-17 02:31
    VLAI
    Summary
    Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
    Severity
    No CVSS data available.
    CWE
    • risk of sensitive information leakage
    Assigner
    References
    Date Public
    2017-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
              "vendor": "Dahua Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions Build between 2015/07 and 2017/03"
                }
              ]
            }
          ],
          "datePublic": "2017-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "risk of sensitive information leakage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T18:57:01.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "DATE_PUBLIC": "2017-11-10T00:00:00",
              "ID": "CVE-2017-9315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions Build between 2015/07 and 2017/03"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dahua Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "risk of sensitive information leakage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2017-9315",
        "datePublished": "2017-11-28T19:00:00.000Z",
        "dateReserved": "2017-05-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:31:08.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9317 (GCVE-0-2017-9317)

    Vulnerability from cvelistv5 – Published: 2018-05-23 15:00 – Updated: 2024-09-16 19:36
    VLAI
    Summary
    Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
    Severity
    No CVSS data available.
    CWE
    • Privilege escalation
    Assigner
    References
    Impacted products
    Date Public
    2018-03-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.373Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
              "vendor": "Dahua Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "Build before 2017/09"
                }
              ]
            }
          ],
          "datePublic": "2018-03-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-23T14:57:01.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "DATE_PUBLIC": "2018-03-16T00:00:00",
              "ID": "CVE-2017-9317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Build before 2017/09"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dahua Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337",
                  "refsource": "CONFIRM",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2017-9317",
        "datePublished": "2018-05-23T15:00:00.000Z",
        "dateReserved": "2017-05-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:36:50.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9315 (GCVE-0-2017-9315)

    Vulnerability from cvelistv5 – Published: 2017-11-28 19:00 – Updated: 2024-09-17 02:31
    VLAI
    Summary
    Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
    Severity
    No CVSS data available.
    CWE
    • risk of sensitive information leakage
    Assigner
    References
    Date Public
    2017-11-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.242Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
              "vendor": "Dahua Technologies",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions Build between 2015/07 and 2017/03"
                }
              ]
            }
          ],
          "datePublic": "2017-11-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "risk of sensitive information leakage",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-28T18:57:01.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "DATE_PUBLIC": "2017-11-10T00:00:00",
              "ID": "CVE-2017-9315",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions Build between 2015/07 and 2017/03"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dahua Technologies"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "risk of sensitive information leakage"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2017-9315",
        "datePublished": "2017-11-28T19:00:00.000Z",
        "dateReserved": "2017-05-30T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:31:08.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }