Cleartext Password Exposure in Dahua DHI-HCVR7216A-S3 Devices
CVE-2017-6341

5.9MEDIUM

Key Information:

Vendor

Dahuasecurity

Status
Camera Firmware
Nvr Firmware
Smartpss Firmware
Vendor
CVE Published:
27 February 2017

What is CVE-2017-6341?

Dahua DHI-HCVR7216A-S3 devices are vulnerable due to their firmware and software sending cleartext passwords through various interfaces, including Web Page, Mobile Application, and Desktop Application. This behavior allows remote attackers to capture sensitive information via network sniffing, potentially leading to unauthorized access to critical system functionalities and user data.

References

https://twitter.com/null_ku7/status/835649185168838657
x_refsource_MISC
https://nullku7.github.io/stuff/exposure/dahua/2017/02/24...
x_refsource_MISC
http://www.securityfocus.com/bid/96456
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.