Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2017-9317 (GCVE-0-2017-9317)

Vulnerability from nvd – Published: 2018-05-23 15:00 – Updated: 2024-09-16 19:36

Summary

Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.

Severity ?

No CVSS data available.

CWE

Privilege escalation

Assigner

dahua

References

URL

Tags

https://www.dahuasecurity.com/support/cybersecuri…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Dahua Technologies	XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX	Affected: Build before 2017/09

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
          "vendor": "Dahua Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "Build before 2017/09"
            }
          ]
        }
      ],
      "datePublic": "2018-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-23T14:57:01",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@dahuatech.com",
          "DATE_PUBLIC": "2018-03-16T00:00:00",
          "ID": "CVE-2017-9317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build before 2017/09"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dahua Technologies"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337",
              "refsource": "CONFIRM",
              "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2017-9317",
    "datePublished": "2018-05-23T15:00:00Z",
    "dateReserved": "2017-05-30T00:00:00",
    "dateUpdated": "2024-09-16T19:36:50.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9315 (GCVE-0-2017-9315)

Vulnerability from nvd – Published: 2017-11-28 19:00 – Updated: 2024-09-17 02:31

Summary

Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.

Severity ?

No CVSS data available.

CWE

risk of sensitive information leakage

Assigner

dahua

References

URL

Tags

http://www.dahuasecurity.com/annoucementsingle/se…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Dahua Technologies	Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX	Affected: Versions Build between 2015/07 and 2017/03

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
          "vendor": "Dahua Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "Versions Build between 2015/07 and 2017/03"
            }
          ]
        }
      ],
      "datePublic": "2017-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "risk of sensitive information leakage",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-28T18:57:01",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@dahuatech.com",
          "DATE_PUBLIC": "2017-11-10T00:00:00",
          "ID": "CVE-2017-9315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions Build between 2015/07 and 2017/03"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dahua Technologies"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "risk of sensitive information leakage"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html",
              "refsource": "CONFIRM",
              "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2017-9315",
    "datePublished": "2017-11-28T19:00:00Z",
    "dateReserved": "2017-05-30T00:00:00",
    "dateUpdated": "2024-09-17T02:31:08.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9317 (GCVE-0-2017-9317)

Vulnerability from cvelistv5 – Published: 2018-05-23 15:00 – Updated: 2024-09-16 19:36

Summary

Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.

Severity ?

No CVSS data available.

CWE

Privilege escalation

Assigner

dahua

References

URL

Tags

https://www.dahuasecurity.com/support/cybersecuri…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Dahua Technologies	XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX	Affected: Build before 2017/09

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
          "vendor": "Dahua Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "Build before 2017/09"
            }
          ]
        }
      ],
      "datePublic": "2018-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-23T14:57:01",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@dahuatech.com",
          "DATE_PUBLIC": "2018-03-16T00:00:00",
          "ID": "CVE-2017-9317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build before 2017/09"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dahua Technologies"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337",
              "refsource": "CONFIRM",
              "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2017-9317",
    "datePublished": "2018-05-23T15:00:00Z",
    "dateReserved": "2017-05-30T00:00:00",
    "dateUpdated": "2024-09-16T19:36:50.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9315 (GCVE-0-2017-9315)

Vulnerability from cvelistv5 – Published: 2017-11-28 19:00 – Updated: 2024-09-17 02:31

Summary

Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.

Severity ?

No CVSS data available.

CWE

risk of sensitive information leakage

Assigner

dahua

References

URL

Tags

http://www.dahuasecurity.com/annoucementsingle/se…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Dahua Technologies	Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX	Affected: Versions Build between 2015/07 and 2017/03

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
          "vendor": "Dahua Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "Versions Build between 2015/07 and 2017/03"
            }
          ]
        }
      ],
      "datePublic": "2017-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "risk of sensitive information leakage",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-28T18:57:01",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@dahuatech.com",
          "DATE_PUBLIC": "2017-11-10T00:00:00",
          "ID": "CVE-2017-9315",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions Build between 2015/07 and 2017/03"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dahua Technologies"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "risk of sensitive information leakage"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html",
              "refsource": "CONFIRM",
              "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2017-9315",
    "datePublished": "2017-11-28T19:00:00Z",
    "dateReserved": "2017-05-30T00:00:00",
    "dateUpdated": "2024-09-17T02:31:08.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

4 vulnerabilities found for ipc-hdbw5xxx_firmware by dahuasecurity

CVE-2017-9317 (GCVE-0-2017-9317)

CVE-2017-9315 (GCVE-0-2017-9315)

CVE-2017-9317 (GCVE-0-2017-9317)

CVE-2017-9315 (GCVE-0-2017-9315)