Privilege Escalation in Dahua IP Devices
CVE-2017-9317
8.8HIGH
What is CVE-2017-9317?
This vulnerability affects several Dahua IP devices, allowing an attacker with a low-privilege account to escalate their access. By exploiting this flaw, attackers can obtain sensitive credential information associated with high-privilege accounts. This capability enables further unauthorized access to device functionalities and sensitive information, posing significant risks to device security and user privacy.
Affected Version(s)
XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Build before 2017/09
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved