What is the severity of CVE-2017-9314?

The severity of CVE-2017-9314 is high due to its potential impact on unauthorized access to operations on affected Dahua NVR models.

How do I fix CVE-2017-9314?

To fix CVE-2017-9314, update the firmware of affected Dahua NVR models to version DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102 or later.

Which Dahua NVR models are affected by CVE-2017-9314?

Affected Dahua NVR models include NVR50XX, NVR52XX, NVR54XX, and NVR58XX with software versions prior to DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102.

What is the nature of the vulnerability in CVE-2017-9314?

CVE-2017-9314 is an authentication vulnerability that allows attackers to forge JSON messages and gain access to additional operations.

Is there a known exploit for CVE-2017-9314?

Yes, attackers can exploit CVE-2017-9314 by sending crafted JSON messages to manipulate operations on affected NVR devices.

Vulnerability/
CVE-2017-9314

high

8.8

CWE

287

13/11/2017

29/11/2017

CVE-2017-9314

First published: Mon Nov 13 2017(Updated: )

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.

Credit: cybersecurity@dahuatech.com

Affected Software	Affected Version	How to fix
Dahua Security NVR5464-16P-4KS2	<dh_nvr5464_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5464-16p-4ks2 Firmware
Dahua Security NVR5208-8P-4KS2	<dh_nvr5208_eng_p_v2.616.0000.0.r.20171102
Dahua Security NVR5208-8P-4KS2
Dahuasecurity Nvr5432-16p-4ks2 Firmware	<dh_nvr5432_eng_p_v2.616.0000.0.r.20171102
Dahua Security NVR5432-16P-4KS2
Dahuasecurity Nvr5416-16p-4ks2 Firmware	<dh_nvr5416_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5416-16p-4ks2 Firmware
Dahuasecurity Nvr5464-4ks2 Firmware	<dh_nvr5464_eng_p_v2.616.0000.0.r.20171102
Dahua Security NVR5464-4KS2
Dahuasecurity Nvr5432-4ks2 Firmware	<dh_nvr5432_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5432-4ks2 Firmware
Dahuasecurity Nvr5416-4ks2	<dh_nvr5416_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5416-4ks2 Firmware
Dahuasecurity Nvr5232-16p-4ks2 Firmware	<dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5232-16p-4ks2 Firmware
Dahua Security NVR5216-16P-4KS2 Firmware	<dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
Dahua NVR5216-16P-4KS2
Dahuasecurity Nvr5232-8p-4ks2 Firmware	<dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5232-8p-4ks2 Firmware
Dahuasecurity Nvr5216-8p-4ks2 Firmware	<dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
Dahua Security NVR5216-8P-4KS2
Dahuasecurity Nvr5232-4ks2 Firmware	<dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5232-4ks2 Firmware
Dahuasecurity Nvr5216-4ks2 Firmware	<dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5216-4ks2 Firmware
Dahua Security NVR5208-4KS2	<dh_nvr5208_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5208-4ks2 Firmware
Dahua Security NVR5816-4KS2 Firmware	<dh_nvr5816_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5816-16p-4ks2 Firmware
Dahuasecurity Nvr5832-4ks2 Firmware	<dh_nvr5832_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5832-4ks2 Firmware
Dahua Security NVR5864-4KS2 Firmware	<dh_nvr5864_eng_p_v2.616.0000.0.r.20171102
Dahua Security NVR5864-4KS2 Firmware
Dahuasecurity Nvr5864-16p-4ks2 Firmware	<dh_nvr5864_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5864-16p-4ks2 Firmware
Dahua Security NVR5832-16P-4KS2 Firmware	<dh_nvr5832_eng_p_v2.616.0000.0.r.20171102
Dahua Security NVR5832-16P-4KS2 Firmware
Dahuasecurity Nvr5816-16p-4ks2	<dh_nvr5816_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5816-16p-4ks2 Firmware
Dahuasecurity Nvr5424-24p-4ks2	<dh_nvr5424_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5424-24p-4ks2 Firmware
Dahuasecurity Nvr5224-24p-4ks2	<dh_nvr5224_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity Nvr5224-24p-4ks2 Firmware

Never miss a vulnerability like this again

Reference Links

http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html

Frequently Asked Questions

What is the severity of CVE-2017-9314?
The severity of CVE-2017-9314 is high due to its potential impact on unauthorized access to operations on affected Dahua NVR models.
How do I fix CVE-2017-9314?
To fix CVE-2017-9314, update the firmware of affected Dahua NVR models to version DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102 or later.
Which Dahua NVR models are affected by CVE-2017-9314?
Affected Dahua NVR models include NVR50XX, NVR52XX, NVR54XX, and NVR58XX with software versions prior to DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102.
What is the nature of the vulnerability in CVE-2017-9314?
CVE-2017-9314 is an authentication vulnerability that allows attackers to forge JSON messages and gain access to additional operations.
Is there a known exploit for CVE-2017-9314?
Yes, attackers can exploit CVE-2017-9314 by sending crafted JSON messages to manipulate operations on affected NVR devices.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/tags
agent/weakness
agent/references
agent/severity
agent/author
agent/description
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/dahuasecurity
canonical/dahua security nvr5464-16p-4ks2
canonical/dahuasecurity nvr5464-16p-4ks2 firmware
canonical/dahua security nvr5208-8p-4ks2
canonical/dahuasecurity nvr5432-16p-4ks2 firmware
canonical/dahua security nvr5432-16p-4ks2
canonical/dahuasecurity nvr5416-16p-4ks2 firmware
canonical/dahuasecurity nvr5464-4ks2 firmware
canonical/dahua security nvr5464-4ks2
canonical/dahuasecurity nvr5432-4ks2 firmware
canonical/dahuasecurity nvr5416-4ks2
canonical/dahuasecurity nvr5416-4ks2 firmware
canonical/dahuasecurity nvr5232-16p-4ks2 firmware
canonical/dahua security nvr5216-16p-4ks2 firmware
canonical/dahua nvr5216-16p-4ks2
canonical/dahuasecurity nvr5232-8p-4ks2 firmware
canonical/dahuasecurity nvr5216-8p-4ks2 firmware
canonical/dahua security nvr5216-8p-4ks2
canonical/dahuasecurity nvr5232-4ks2 firmware
canonical/dahuasecurity nvr5216-4ks2 firmware
canonical/dahua security nvr5208-4ks2
canonical/dahuasecurity nvr5208-4ks2 firmware
canonical/dahua security nvr5816-4ks2 firmware
canonical/dahuasecurity nvr5816-16p-4ks2 firmware
canonical/dahuasecurity nvr5832-4ks2 firmware
canonical/dahua security nvr5864-4ks2 firmware
canonical/dahuasecurity nvr5864-16p-4ks2 firmware
canonical/dahua security nvr5832-16p-4ks2 firmware
canonical/dahuasecurity nvr5816-16p-4ks2
canonical/dahuasecurity nvr5424-24p-4ks2
canonical/dahuasecurity nvr5424-24p-4ks2 firmware
canonical/dahuasecurity nvr5224-24p-4ks2
canonical/dahuasecurity nvr5224-24p-4ks2 firmware