critical
10
CWE
264
Advisory Published
CVE Published
Updated

CVE-2013-5754

First published: Tue Sep 17 2013(Updated: )

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Dahua Security DVR0404HD-A
Dahua Security DVR0404HD-L
Dahua Technology DVR0404HD-S
Dahua Security DVR0404HD-U
Dahuasecurity DVR0404HF-A-E
Dahua Security DVR0404HF-AL-E
Dahua Technology DVR0404HF-S-E
Dahua Technology DVR0404HF-U-E
Dahuasecurity DVR Firmware
Dahua Security DVR0804HD-L
Dahua Security DVR0804HD-S
Dahua Technology DVR0804HF-A-E
Dahua Security DVR0804HF-AL-E
Dahuasecurity Dvr0804hf-l-e
Dahua Technology DVR0804HF-S-E
Dahua DVR0804HF-U-E
Dahua Security DVR1604HD-L
Dahua Security DVR1604HD-S
Dahua Security DVR1604HF-A-E
Dahua Technology DVR1604HF-AL-E
Dahua Technology DVR1604HF-L-E
Dahua Technology DVR1604HF-S-E
Dahua Security DVR1604HF-U-E
Dahua Security DVR2104C
Dahua DVR 2104H
Dahuasecurity DVR2104HC
Dahua Dvr2104HE
Dahua Security DVR2108C
Dahua Security DVR2108H
Dahua DVR 2108HC
Dahua DVR 2108HE
Dahua Security DVR5116C
Dahua DVR 2116HE
Dahuasecurity DVR2116HC
Dahua DVR 2116HE
Dahua Security DVR2404HF-S
Dahua Technology DVR2404LF-AL
Dahuasecurity DVR2404LF-S
Dahua Security DVR3204HF-S
Dahua Security DVR3204LF-AL
Dahua Security DVR3204LF-S
Dahua Security DVR3224L
Dahua Security DVR3232L
Dahua DVR 5104C
Dahuasecurity Dvr5104h
Dahua DVR5104HE
Dahua DVR 5108C
Dahua Security DVR5108H
Dahua Security DVR5108HE
Dahua Security DVR5116C
Dahua DVR 5116H
Dahuasecurity DVR5116HE
Dahua Security DVR5204A
Dahua Security DVR5204L
Dahua Security DVR5208A
Dahua Security DVR5208L
Dahua Security DVR5216A
Dahua Technology DVR5216L
Dahuasecurity DVR Firmware
Dahua Security DVR5408
Dahua Technology DVR5416
Dahua Security DVR5804
Dahuasecurity DVR Firmware
Dahua Security DVR5816
Dahuasecurity DVR6404LF-S

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2013-5754?

    The severity of CVE-2013-5754 is considered high due to the risk of unauthorized administrative access.

  • How do I fix CVE-2013-5754?

    To fix CVE-2013-5754, update the Dahua DVR appliances to the latest firmware version provided by the manufacturer.

  • What types of devices are affected by CVE-2013-5754?

    CVE-2013-5754 affects various Dahua DVR appliances, including models like DVR0404HD-A, DVR0804, and DVR1604HD-L.

  • What are the implications of CVE-2013-5754?

    Exploitation of CVE-2013-5754 allows remote attackers to gain administrative control and modificar the administrator password.

  • How can I confirm if my device is vulnerable to CVE-2013-5754?

    To confirm vulnerability, check your Dahua DVR model against the affected models listed in CVE-2013-5754 and review the firmware version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203