Security Flaw in Dahua IP Cameras and IP PTZ Devices
CVE-2017-9315

9.8CRITICAL

Key Information:

Vendor: Dahua Technologies
Status: Dahua Ip Camera And Ip Ptz Ipc-hfw1xxx, Ipc-hdw1xxx, Ipc-hdbw1xxx, Ipc-hfw2xxx, Ipc-hdw2xxx, Ipc-hdbw2xxx, Ipc-hfw4xxx, Ipc-hdw4xxx, Ipc-hdbw4xxx, Ipc-hf5xxx, Ipc-hfw5xxx, Ipc-hdw5xxx, Ipc-hdbw5xxx, Ipc-hf8xxx, Ipc-hfw8xxx, Ipc-hdbw8xxx, Ipc-ebw8xxx, Ipc-pfw8xxx, Ipc-pdbw8xxx, Ipc-hum8xxx, Psd8xxxx, Dh-sd2xxxxx, Dh-sd4xxxxx, Dh-sd5xxxxx, Dh-sd6xxxxx
Vendor: CVE Published:; 28 November 2017

What is CVE-2017-9315?

A vulnerability exists in the password recovery mechanism of certain Dahua IP cameras and IP PTZ devices. Customers can submit device information to obtain a temporary password from an authorized dealer, but the algorithm used for this process is susceptible to compromise. This flaw could allow attackers to exploit the recovery mechanism, potentially leading to unauthorized access to the camera's admin settings.

Affected Version(s)

Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX Versions Build between 2015/07 and 2017/03

References

http://www.dahuasecurity.com/annoucementsingle/security-a...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 28, 2017
Vulnerability Reserved
May 30, 2017

Dahua Technologies

What is CVE-2017-9315?

Affected Version(s)

References

CVSS V3.1

Timeline