Firmware Upgrade Vulnerability in Dahua IP Products
CVE-2017-9316

6.5 MEDIUM

What is CVE-2017-9316?

A firmware upgrade authentication bypass vulnerability has been identified in Dahua's IPC-HDW4300S and various other IP products. The issue originates from an internal Debug function that was intended for performance tuning and problem analysis during the development phase. The function only allows the device to receive data unidirectionally; it does not enable the collection of user privacy data or facilitate remote code execution. Even so, bypassing authentication for firmware upgrades makes its impact considerable in terms of device security.

Affected Version(s)

IPC-HDW4300S, NVR11HS, IPC-HFW4X00, IPC-HDW4X00, IPC-HDBW4X00, IPC-HF5X00, IPC-HFW5X00, IPC-HDW5X00, IPC-HDBW5X00, NVR11HS

References

http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
