Remote Access Vulnerability in Dahua DHI-HCVR7216A-S3 NVR Device
CVE-2017-6343

8.1HIGH

Key Information:

Vendor: Dahuasecurity
Status: Camera Firmware; Nvr Firmware; Smartpss Firmware
Vendor: CVE Published:; 27 February 2017

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2017-6343?

The Dahua DHI-HCVR7216A-S3 with specific firmware versions has a significant security flaw in its web interface. This vulnerability allows remote attackers to gain unauthorized login access without needing the actual password, solely by exploiting the MD5 Admin Hash. This issue is distinct from previous vulnerabilities and highlights critical considerations for device security, emphasizing the need for robust password management and secure configurations.

References

http://www.securityfocus.com/bid/96449

vdb-entryx_refsource_BID

https://nullku7.github.io/stuff/exposure/dahua/2017/02/24...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 27, 2017
Vulnerability Reserved
Feb 26, 2017

CVE-2017-6343 Data

JSON