Privilege Escalation in Dahua IP Devices
CVE-2017-9317

8.8HIGH

Key Information:

Vendor: Dahua Technologies
Status: Xvr 5x04, Xvr 5x08, Xvr 5x16, Xvr 7x16, Ipc-hdbw4xxx, Ipc-hdbw5xxx
Vendor: CVE Published:; 23 May 2018

🔔 Create Dahua Technologies Vulnerability Alert

What is CVE-2017-9317?

This vulnerability affects several Dahua IP devices, allowing an attacker with a low-privilege account to escalate their access. By exploiting this flaw, attackers can obtain sensitive credential information associated with high-privilege accounts. This capability enables further unauthorized access to device functionalities and sensitive information, posing significant risks to device security and user privacy.

Affected Version(s)

XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Build before 2017/09

References

https://www.dahuasecurity.com/support/cybersecurity/annou...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2018
Vulnerability Reserved
May 30, 2017