Authentication Flaw in Dahua NVR Models Impacting Security Operations
CVE-2017-9314

8.8HIGH

Key Information:

Vendor: Dahua Technologies
Status: Nvr50xx, Vr52xx, Vr54xx, Vr58xx
Vendor: CVE Published:; 13 November 2017

What is CVE-2017-9314?

An authentication vulnerability has been identified in specific Dahua NVR models, including NVR50XX, NVR52XX, NVR54XX, and NVR58XX. This flaw exists in software versions prior to DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102, allowing attackers to exploit the vulnerability through JSON message forgery. Successful exploitation could lead to unauthorized access, enabling attackers to perform additional operations on the device, ultimately compromising its security and the integrity of the managed video data.

Affected Version(s)

NVR50XX, VR52XX, VR54XX, VR58XX Versions Build between 2013 and 2017/10

References

http://www.dahuasecurity.com/annoucementsingle/security-a...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2017
Vulnerability Reserved
May 30, 2017

Dahua Technologies

What is CVE-2017-9314?

Affected Version(s)

References

CVSS V3.1

Timeline