CVE-2013-3615
First published: Tue Sep 17 2013(Updated: )
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahua Security DVR0404HD-A | ||
| Dahua Security DVR0404HD-L | ||
| Dahua Technology DVR0404HD-S | ||
| Dahua Security DVR0404HD-U | ||
| Dahuasecurity DVR0404HF-A-E | ||
| Dahua Security DVR0404HF-AL-E | ||
| Dahua Technology DVR0404HF-S-E | ||
| Dahua Technology DVR0404HF-U-E | ||
| Dahuasecurity DVR Firmware | ||
| Dahua Security DVR0804HD-L | ||
| Dahua Security DVR0804HD-S | ||
| Dahua Technology DVR0804HF-A-E | ||
| Dahua Security DVR0804HF-AL-E | ||
| Dahuasecurity Dvr0804hf-l-e | ||
| Dahua Technology DVR0804HF-S-E | ||
| Dahua DVR0804HF-U-E | ||
| Dahua Security DVR1604HD-L | ||
| Dahua Security DVR1604HD-S | ||
| Dahua Security DVR1604HF-A-E | ||
| Dahua Technology DVR1604HF-AL-E | ||
| Dahua Technology DVR1604HF-L-E | ||
| Dahua Technology DVR1604HF-S-E | ||
| Dahua Security DVR1604HF-U-E | ||
| Dahua Security DVR2104C | ||
| Dahua DVR 2104H | ||
| Dahuasecurity DVR2104HC | ||
| Dahua Dvr2104HE | ||
| Dahua Security DVR2108C | ||
| Dahua Security DVR2108H | ||
| Dahua DVR 2108HC | ||
| Dahua DVR 2108HE | ||
| Dahua Security DVR5116C | ||
| Dahua DVR 2116HE | ||
| Dahuasecurity DVR2116HC | ||
| Dahua DVR 2116HE | ||
| Dahua Security DVR2404HF-S | ||
| Dahua Technology DVR2404LF-AL | ||
| Dahuasecurity DVR2404LF-S | ||
| Dahua Security DVR3204HF-S | ||
| Dahua Security DVR3204LF-AL | ||
| Dahua Security DVR3204LF-S | ||
| Dahua Security DVR3224L | ||
| Dahua Security DVR3232L | ||
| Dahua DVR 5104C | ||
| Dahuasecurity Dvr5104h | ||
| Dahua DVR5104HE | ||
| Dahua DVR 5108C | ||
| Dahua Security DVR5108H | ||
| Dahua Security DVR5108HE | ||
| Dahua Security DVR5116C | ||
| Dahua DVR 5116H | ||
| Dahuasecurity DVR5116HE | ||
| Dahua Security DVR5204A | ||
| Dahua Security DVR5204L | ||
| Dahua Security DVR5208A | ||
| Dahua Security DVR5208L | ||
| Dahua Security DVR5216A | ||
| Dahua Technology DVR5216L | ||
| Dahuasecurity DVR Firmware | ||
| Dahua Security DVR5408 | ||
| Dahua Technology DVR5416 | ||
| Dahua Security DVR5804 | ||
| Dahuasecurity DVR Firmware | ||
| Dahua Security DVR5816 | ||
| Dahuasecurity DVR6404LF-S |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3615?
CVE-2013-3615 has a medium severity rating due to its potential to allow brute-force attacks against passwords.
How do I fix CVE-2013-3615?
To fix CVE-2013-3615, update the firmware of your Dahua DVR appliances to a version that improves password hashing algorithms.
Which products are affected by CVE-2013-3615?
CVE-2013-3615 affects several Dahua DVR models including DVR0404HD-A, DVR0804HD-S, and DVR1604HF-S.
What type of attack does CVE-2013-3615 facilitate?
CVE-2013-3615 facilitates brute-force attacks, making it easier for attackers to discover cleartext passwords.
Is CVE-2013-3615 exploitable remotely?
Yes, attackers can exploit CVE-2013-3615 remotely if they can reach the affected Dahua DVR appliances.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dahuasecurity
- canonical/dahua security dvr0404hd-a
- canonical/dahua security dvr0404hd-l
- canonical/dahua technology dvr0404hd-s
- canonical/dahua security dvr0404hd-u
- canonical/dahuasecurity dvr0404hf-a-e
- canonical/dahua security dvr0404hf-al-e
- canonical/dahua technology dvr0404hf-s-e
- canonical/dahua technology dvr0404hf-u-e
- canonical/dahuasecurity dvr firmware
- canonical/dahua security dvr0804hd-l
- canonical/dahua security dvr0804hd-s
- canonical/dahua technology dvr0804hf-a-e
- canonical/dahua security dvr0804hf-al-e
- canonical/dahuasecurity dvr0804hf-l-e
- canonical/dahua technology dvr0804hf-s-e
- canonical/dahua dvr0804hf-u-e
- canonical/dahua security dvr1604hd-l
- canonical/dahua security dvr1604hd-s
- canonical/dahua security dvr1604hf-a-e
- canonical/dahua technology dvr1604hf-al-e
- canonical/dahua technology dvr1604hf-l-e
- canonical/dahua technology dvr1604hf-s-e
- canonical/dahua security dvr1604hf-u-e
- canonical/dahua security dvr2104c
- canonical/dahua dvr 2104h
- canonical/dahuasecurity dvr2104hc
- canonical/dahua dvr2104he
- canonical/dahua security dvr2108c
- canonical/dahua security dvr2108h
- canonical/dahua dvr 2108hc
- canonical/dahua dvr 2108he
- canonical/dahua security dvr5116c
- canonical/dahua dvr 2116he
- canonical/dahuasecurity dvr2116hc
- canonical/dahua security dvr2404hf-s
- canonical/dahua technology dvr2404lf-al
- canonical/dahuasecurity dvr2404lf-s
- canonical/dahua security dvr3204hf-s
- canonical/dahua security dvr3204lf-al
- canonical/dahua security dvr3204lf-s
- canonical/dahua security dvr3224l
- canonical/dahua security dvr3232l
- canonical/dahua dvr 5104c
- canonical/dahuasecurity dvr5104h
- canonical/dahua dvr5104he
- canonical/dahua dvr 5108c
- canonical/dahua security dvr5108h
- canonical/dahua security dvr5108he
- canonical/dahua dvr 5116h
- canonical/dahuasecurity dvr5116he
- canonical/dahua security dvr5204a
- canonical/dahua security dvr5204l
- canonical/dahua security dvr5208a
- canonical/dahua security dvr5208l
- canonical/dahua security dvr5216a
- canonical/dahua technology dvr5216l
- canonical/dahua security dvr5408
- canonical/dahua technology dvr5416
- canonical/dahua security dvr5804
- canonical/dahua security dvr5816
- canonical/dahuasecurity dvr6404lf-s