var-201705-3743
Vulnerability from variot
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. plural Dahua The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua DH-IPC-HDBW23A0RN-ZS is a camera product of Dahua Company of China. Dahua Technology is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Dahua DH-IPC-HDBW23A0RN-ZS, etc. There are security vulnerabilities in many Dahua products. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3743",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dh-sd6cxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-nvr1xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-hcvr4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hfw4xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hfw2xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-hcvr5xxx",
"scope": "eq",
"trust": 1.6,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdbw13a0sn",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw2xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdw4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw2xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hfw4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-sd6cxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-nvr1xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-hcvr4xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-hcvr5xxx",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": null,
"trust": 1.4,
"vendor": "dahua",
"version": null
},
{
"model": "dh-ipc-hdbw13a0sn",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw1xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw4xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hfw1xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dh-ipc-hdw2xxx",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "dhi-hcvr58a32s-s2",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dhi-hcvr51a08he-s3",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dhi-hcvr51a04he-s3",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-sd6cxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-nvr1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hfw1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw2xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdw1xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdbw23a0rn-zs",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-ipc-hdbw13a0sn",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-hcvr5xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": "dh-hcvr4xxx",
"scope": "eq",
"trust": 0.3,
"vendor": "dahuasecurity",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdbw23a0rn zs",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh nvr1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh hcvr4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh hcvr5xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr51a04he s3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr51a08he s3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dhi hcvr58a32s s2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdbw13a0sn",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw2xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hdw4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw1xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw2xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh ipc hfw4xxx",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dh sd6cxx",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-hcvr4xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-hcvr5xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hdw1xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hdw2xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hdw4xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hfw1xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hfw2xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-ipc-hfw4xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-nvr1xxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dh-sd6cxx_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dhi-hcvr51a04he-s3_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dhi-hcvr51a08he-s3_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:dahuasecurity:dhi-hcvr58a32s-s2_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bashis",
"sources": [
{
"db": "BID",
"id": "98312"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7925",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7925",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-08192",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-116128",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7925",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7925",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-7925",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-08192",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1045",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-116128",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. plural Dahua The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dahua DH-IPC-HDBW23A0RN-ZS is a camera product of Dahua Company of China. Dahua Technology is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Dahua DH-IPC-HDBW23A0RN-ZS, etc. There are security vulnerabilities in many Dahua products. The following products are affected: Dahua DH-IPC-HDBW23A0RN-ZS; DH-IPC-HDBW13A0SN; DH-IPC-HDW1XXX; DH-IPC-HDW2XXX; DH-IPC-HDW4XXX; DH-IPC-HFW4XXX; DH-SD6CXX; DH-NVR1XXX; DH-HCVR4XXX; DH-HCVR5XXX; DHI-HCVR51A04HE-S3; DHI-HCVR51A08HE-S3;",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7925"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "VULHUB",
"id": "VHN-116128"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7925",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-124-02",
"trust": 2.8
},
{
"db": "BID",
"id": "98312",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-08192",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98841854",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971",
"trust": 0.8
},
{
"db": "IVD",
"id": "B9A8CA3D-8AC9-429C-880C-4CC25C09C01B",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116128",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"id": "VAR-201705-3743",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
}
],
"trust": 1.5166666600000003
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
}
]
},
"last_update_date": "2024-11-23T22:56:13.229000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cybersecurity Vulnerability Update - March 8 2017",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/en/us/single.php?nid=364"
},
{
"title": "Security Notification DHCC-201703-01",
"trust": 0.8,
"url": "http://www1.dahuasecurity.com/annoucementsingle/security-notification-dhcc-201703-01-112.html"
},
{
"title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (030617)",
"trust": 0.8,
"url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php"
},
{
"title": "Cyber Vulnerability Affecting Certain Dahua IP Cameras and Recorders (04032017)",
"trust": 0.8,
"url": "http://us.dahuasecurity.com/en/us/Security-Bulletin_04032017.php"
},
{
"title": "Cybersecurity Statement - March 6th 2017",
"trust": 0.8,
"url": "http://www.dahuasecurity.com/en/us/single.php?nid=354"
},
{
"title": "Patches for Dahua\u0027s multiple digital video recorders and IP camera profile password vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94425"
},
{
"title": "Repair measures for various UOB product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-260",
"trust": 1.8
},
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-124-02"
},
{
"trust": 2.3,
"url": "http://us.dahuasecurity.com/en/us/security-bulletin_030617.php"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98312"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7925"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7925"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98841854/index.html"
},
{
"trust": 0.8,
"url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor-poc.py"
},
{
"trust": 0.8,
"url": "https://github.com/mcw0/poc/blob/master/dahua-backdoor.txt"
},
{
"trust": 0.3,
"url": "www.dahuasecurity.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"db": "VULHUB",
"id": "VHN-116128"
},
{
"db": "BID",
"id": "98312"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
},
{
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "IVD",
"id": "b9a8ca3d-8ac9-429c-880c-4cc25c09c01b"
},
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"date": "2017-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-116128"
},
{
"date": "2017-05-04T00:00:00",
"db": "BID",
"id": "98312"
},
{
"date": "2017-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1045"
},
{
"date": "2017-05-06T00:29:00.427000",
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-08192"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-116128"
},
{
"date": "2017-05-23T16:23:00",
"db": "BID",
"id": "98312"
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003971"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1045"
},
{
"date": "2024-11-21T03:32:58.700000",
"db": "NVD",
"id": "CVE-2017-7925"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dahua Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003971"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1045"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.