CVE-2013-3612
First published: Tue Sep 17 2013(Updated: )
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahua Security DVR0404HD-A | ||
| Dahua Security DVR0404HD-L | ||
| Dahua Technology DVR0404HD-S | ||
| Dahua Security DVR0404HD-U | ||
| Dahuasecurity DVR0404HF-A-E | ||
| Dahua Security DVR0404HF-AL-E | ||
| Dahua Technology DVR0404HF-S-E | ||
| Dahua Technology DVR0404HF-U-E | ||
| Dahuasecurity DVR Firmware | ||
| Dahua Security DVR0804HD-L | ||
| Dahua Security DVR0804HD-S | ||
| Dahua Technology DVR0804HF-A-E | ||
| Dahua Security DVR0804HF-AL-E | ||
| Dahuasecurity Dvr0804hf-l-e | ||
| Dahua Technology DVR0804HF-S-E | ||
| Dahua DVR0804HF-U-E | ||
| Dahua Security DVR1604HD-L | ||
| Dahua Security DVR1604HD-S | ||
| Dahua Security DVR1604HF-A-E | ||
| Dahua Technology DVR1604HF-AL-E | ||
| Dahua Technology DVR1604HF-L-E | ||
| Dahua Technology DVR1604HF-S-E | ||
| Dahua Security DVR1604HF-U-E | ||
| Dahua Security DVR2104C | ||
| Dahua DVR 2104H | ||
| Dahuasecurity DVR2104HC | ||
| Dahua Dvr2104HE | ||
| Dahua Security DVR2108C | ||
| Dahua Security DVR2108H | ||
| Dahua DVR 2108HC | ||
| Dahua DVR 2108HE | ||
| Dahua Security DVR5116C | ||
| Dahua DVR 2116HE | ||
| Dahuasecurity DVR2116HC | ||
| Dahua DVR 2116HE | ||
| Dahua Security DVR2404HF-S | ||
| Dahua Technology DVR2404LF-AL | ||
| Dahuasecurity DVR2404LF-S | ||
| Dahua Security DVR3204HF-S | ||
| Dahua Security DVR3204LF-AL | ||
| Dahua Security DVR3204LF-S | ||
| Dahua Security DVR3224L | ||
| Dahua Security DVR3232L | ||
| Dahua DVR 5104C | ||
| Dahuasecurity Dvr5104h | ||
| Dahua DVR5104HE | ||
| Dahua DVR 5108C | ||
| Dahua Security DVR5108H | ||
| Dahua Security DVR5108HE | ||
| Dahua Security DVR5116C | ||
| Dahua DVR 5116H | ||
| Dahuasecurity DVR5116HE | ||
| Dahua Security DVR5204A | ||
| Dahua Security DVR5204L | ||
| Dahua Security DVR5208A | ||
| Dahua Security DVR5208L | ||
| Dahua Security DVR5216A | ||
| Dahua Technology DVR5216L | ||
| Dahuasecurity DVR Firmware | ||
| Dahua Security DVR5408 | ||
| Dahua Technology DVR5416 | ||
| Dahua Security DVR5804 | ||
| Dahuasecurity DVR Firmware | ||
| Dahua Security DVR5816 | ||
| Dahuasecurity DVR6404LF-S |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3612?
CVE-2013-3612 is rated as high severity due to the presence of hardcoded passwords allowing unauthorized administrative access.
How do I fix CVE-2013-3612?
To mitigate CVE-2013-3612, ensure to change the hardcoded passwords and secure the affected Dahua DVR appliances.
Which Dahua DVR models are affected by CVE-2013-3612?
CVE-2013-3612 affects multiple Dahua DVR models including DVR0404, DVR0804, DVR1604, DVR2100 series, and several others.
Can CVE-2013-3612 lead to a data breach?
Yes, CVE-2013-3612 can potentially lead to a data breach as it allows remote attackers access to sensitive camera feeds and device settings.
What actions should be taken after identifying CVE-2013-3612?
After identifying CVE-2013-3612, it is crucial to assess the security of your network, update the DVR firmware if available, and change default credentials.
- agent/softwarecombine
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dahuasecurity
- canonical/dahua security dvr0404hd-a
- canonical/dahua security dvr0404hd-l
- canonical/dahua technology dvr0404hd-s
- canonical/dahua security dvr0404hd-u
- canonical/dahuasecurity dvr0404hf-a-e
- canonical/dahua security dvr0404hf-al-e
- canonical/dahua technology dvr0404hf-s-e
- canonical/dahua technology dvr0404hf-u-e
- canonical/dahuasecurity dvr firmware
- canonical/dahua security dvr0804hd-l
- canonical/dahua security dvr0804hd-s
- canonical/dahua technology dvr0804hf-a-e
- canonical/dahua security dvr0804hf-al-e
- canonical/dahuasecurity dvr0804hf-l-e
- canonical/dahua technology dvr0804hf-s-e
- canonical/dahua dvr0804hf-u-e
- canonical/dahua security dvr1604hd-l
- canonical/dahua security dvr1604hd-s
- canonical/dahua security dvr1604hf-a-e
- canonical/dahua technology dvr1604hf-al-e
- canonical/dahua technology dvr1604hf-l-e
- canonical/dahua technology dvr1604hf-s-e
- canonical/dahua security dvr1604hf-u-e
- canonical/dahua security dvr2104c
- canonical/dahua dvr 2104h
- canonical/dahuasecurity dvr2104hc
- canonical/dahua dvr2104he
- canonical/dahua security dvr2108c
- canonical/dahua security dvr2108h
- canonical/dahua dvr 2108hc
- canonical/dahua dvr 2108he
- canonical/dahua security dvr5116c
- canonical/dahua dvr 2116he
- canonical/dahuasecurity dvr2116hc
- canonical/dahua security dvr2404hf-s
- canonical/dahua technology dvr2404lf-al
- canonical/dahuasecurity dvr2404lf-s
- canonical/dahua security dvr3204hf-s
- canonical/dahua security dvr3204lf-al
- canonical/dahua security dvr3204lf-s
- canonical/dahua security dvr3224l
- canonical/dahua security dvr3232l
- canonical/dahua dvr 5104c
- canonical/dahuasecurity dvr5104h
- canonical/dahua dvr5104he
- canonical/dahua dvr 5108c
- canonical/dahua security dvr5108h
- canonical/dahua security dvr5108he
- canonical/dahua dvr 5116h
- canonical/dahuasecurity dvr5116he
- canonical/dahua security dvr5204a
- canonical/dahua security dvr5204l
- canonical/dahua security dvr5208a
- canonical/dahua security dvr5208l
- canonical/dahua security dvr5216a
- canonical/dahua technology dvr5216l
- canonical/dahua security dvr5408
- canonical/dahua technology dvr5416
- canonical/dahua security dvr5804
- canonical/dahua security dvr5816
- canonical/dahuasecurity dvr6404lf-s