Password Hashing Vulnerability in Dahua DVR Appliances
CVE-2013-3615

Currently unrated

Key Information:

Vendor: Dahuasecurity
Status: Dvr2104h; Dvr0404hd-a; Dvr1604hd-l; Dvr2104hc
Vendor: CVE Published:; 17 September 2013

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2013-3615?

Dahua DVR appliances utilize a password-hashing algorithm with a limited hash length, rendering passwords susceptible to compromise. This vulnerability allows context-dependent attackers to exploit the weakness and retrieve clear-text passwords through brute-force methods. The ease of discovering passwords poses a significant risk to users and network security, requiring immediate attention and remediation.

References

http://www.kb.cert.org/vuls/id/800094

third-party-advisoryx_refsource_CERT-VN

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 17, 2013

CVE-2013-3615 Data

JSON