Hardcoded Password Vulnerability in Dahua DVR Appliances
CVE-2013-3612

Currently unrated

Key Information:

Vendor: Dahuasecurity
Status: Dvr2104h; Dvr0404hd-a; Dvr1604hd-l; Dvr2104hc
Vendor: CVE Published:; 17 September 2013

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2013-3612?

Dahua DVR appliances contain hardcoded passwords for the root and an unspecified backdoor account, posing significant security risks. This vulnerability enables remote attackers to exploit the system, potentially gaining unauthorized administrative access through various methods including ActiveX support and standalone clients, among other vectors. Organizations using these devices should assess their security protocols and consider immediate remediation to mitigate potential breaches.

References

http://www.kb.cert.org/vuls/id/800094

third-party-advisoryx_refsource_CERT-VN

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 17, 2013

CVE-2013-3612 Data

JSON