CVE-2017-9315
First published: Tue Nov 28 2017(Updated: )
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
Credit: cybersecurity@dahuatech.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahuasecurity Ipc-hfw1xxx Firmware | ||
| Dahuasecurity Ipc-hfw1xxx | ||
| Dahuasecurity Ipc-hdw1xxx Firmware | ||
| Dahuasecurity Ipc-hdw1xxx | ||
| Dahuasecurity Ipc-hdbw1xxx Firmware | ||
| Dahuasecurity Ipc-hdbw1xxx | ||
| Dahuasecurity Ipc-hfw2xxx Firmware | ||
| Dahuasecurity Ipc-hfw2xxx | ||
| Dahuasecurity Ipc-hdw2xxx Firmware | ||
| Dahuasecurity Ipc-hdw2xxx | ||
| Dahuasecurity Ipc-hdbw2xxx Firmware | ||
| Dahuasecurity Ipc-hdbw2xxx | ||
| Dahuasecurity Ipc-hfw4xxx Firmware | ||
| Dahuasecurity Ipc-hfw4xxx | ||
| Dahuasecurity Ipc-hdw4xxx Firmware | ||
| Dahuasecurity Ipc-hdw4xxx | ||
| Dahuasecurity Ipc-hdbw4xxx Firmware | ||
| Dahuasecurity Ipc-hdbw4xxx | ||
| Dahuasecurity Ipc-hf5xxx Firmware | ||
| Dahuasecurity Ipc-hf5xxx | ||
| Dahuasecurity Ipc-hfw5xxx Firmware | ||
| Dahuasecurity Ipc-hfw5xxx | ||
| Dahuasecurity Ipc-hdw5xxx Firmware | ||
| Dahuasecurity Ipc-hdw5xxx | ||
| Dahuasecurity Ipc-hdbw5xxx Firmware | ||
| Dahuasecurity Ipc-hdbw5xxx | ||
| Dahuasecurity Ipc-hf8xxx Firmware | ||
| Dahuasecurity Ipc-hf8xxx | ||
| Dahuasecurity Ipc-hfw8xxx Firmware | ||
| Dahuasecurity Ipc-hfw8xxx | ||
| Dahuasecurity Ipc-hdbw8xxx Firmware | ||
| Dahuasecurity Ipc-hdbw8xxx | ||
| Dahuasecurity Ipc-ebw8xxx Firmware | ||
| Dahuasecurity Ipc-ebw8xxx | ||
| Dahuasecurity Ipc-pfw8xxx Firmware | ||
| Dahuasecurity Ipc-pfw8xxx | ||
| Dahuasecurity Dh-sd2xxxxx Firmware | ||
| Dahuasecurity Dh-sd2xxxxx | ||
| Dahuasecurity Ipc-pdbw8xxx Firmware | ||
| Dahuasecurity Ipc-pdbw8xxx | ||
| Dahuasecurity Ipc-hum8xxx Firmware | ||
| Dahuasecurity Ipc-hum8xxx | ||
| Dahuasecurity Psd8xxxx Firmware | ||
| Dahuasecurity Psd8xxxx | ||
| Dahuasecurity Dh-sd4xxxxx Firmware | ||
| Dahuasecurity Dh-sd4xxxxx | ||
| Dahuasecurity Dh-sd5xxxxx Firmware | ||
| Dahuasecurity Dh-sd5xxxxx | ||
| Dahuasecurity Dh-sd6xxxxx Firmware | ||
| Dahuasecurity Dh-sd6xxxxx |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-9315?
CVE-2017-9315 is a vulnerability in Dahua IP cameras and IP PTZ (Pan-Tilt-Zoom) devices that allows an attacker to compromise the admin password reset mechanism.
What is the severity of CVE-2017-9315?
The severity of CVE-2017-9315 is critical with a severity score of 9.8.
How does the vulnerability in Dahua IP cameras and IP PTZ devices work?
The vulnerability allows an attacker to potentially compromise the algorithm used in the admin password reset mechanism.
Which versions of Dahua IP cameras and IP PTZ devices are affected by CVE-2017-9315?
Dahua IP cameras and IP PTZ devices with the following firmware are affected: Ipc-hfw1xxx, Ipc-hdw1xxx, Ipc-hdbw1xxx, Ipc-hfw2xxx, Ipc-hdw2xxx, Ipc-hdbw2xxx, Ipc-hfw4xxx, Ipc-hdw4xxx, Ipc-hdbw4xxx, Ipc-hf5xxx, Ipc-hfw5xxx, Ipc-hdw5xxx, Ipc-hdbw5xxx, Ipc-hf8xxx, Ipc-hfw8xxx, Ipc-hdbw8xxx, Ipc-ebw8xxx, Ipc-pfw8xxx, Dh-sd2xxxxx, Ipc-pdbw8xxx, Ipc-hum8xxx, Psd8xxxx, Dh-sd4xxxxx, Dh-sd5xxxxx, Dh-sd6xxxxx.
How can I fix the vulnerability in Dahua IP cameras and IP PTZ devices?
To fix the vulnerability, contact a Dahua authorized dealer to receive a time-limited temporary password and reset the admin password.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/dahuasecurity
- canonical/dahuasecurity ipc-hfw1xxx firmware
- canonical/dahuasecurity ipc-hfw1xxx
- canonical/dahuasecurity ipc-hdw1xxx firmware
- canonical/dahuasecurity ipc-hdw1xxx
- canonical/dahuasecurity ipc-hdbw1xxx firmware
- canonical/dahuasecurity ipc-hdbw1xxx
- canonical/dahuasecurity ipc-hfw2xxx firmware
- canonical/dahuasecurity ipc-hfw2xxx
- canonical/dahuasecurity ipc-hdw2xxx firmware
- canonical/dahuasecurity ipc-hdw2xxx
- canonical/dahuasecurity ipc-hdbw2xxx firmware
- canonical/dahuasecurity ipc-hdbw2xxx
- canonical/dahuasecurity ipc-hfw4xxx firmware
- canonical/dahuasecurity ipc-hfw4xxx
- canonical/dahuasecurity ipc-hdw4xxx firmware
- canonical/dahuasecurity ipc-hdw4xxx
- canonical/dahuasecurity ipc-hdbw4xxx firmware
- canonical/dahuasecurity ipc-hdbw4xxx
- canonical/dahuasecurity ipc-hf5xxx firmware
- canonical/dahuasecurity ipc-hf5xxx
- canonical/dahuasecurity ipc-hfw5xxx firmware
- canonical/dahuasecurity ipc-hfw5xxx
- canonical/dahuasecurity ipc-hdw5xxx firmware
- canonical/dahuasecurity ipc-hdw5xxx
- canonical/dahuasecurity ipc-hdbw5xxx firmware
- canonical/dahuasecurity ipc-hdbw5xxx
- canonical/dahuasecurity ipc-hf8xxx firmware
- canonical/dahuasecurity ipc-hf8xxx
- canonical/dahuasecurity ipc-hfw8xxx firmware
- canonical/dahuasecurity ipc-hfw8xxx
- canonical/dahuasecurity ipc-hdbw8xxx firmware
- canonical/dahuasecurity ipc-hdbw8xxx
- canonical/dahuasecurity ipc-ebw8xxx firmware
- canonical/dahuasecurity ipc-ebw8xxx
- canonical/dahuasecurity ipc-pfw8xxx firmware
- canonical/dahuasecurity ipc-pfw8xxx
- canonical/dahuasecurity dh-sd2xxxxx firmware
- canonical/dahuasecurity dh-sd2xxxxx
- canonical/dahuasecurity ipc-pdbw8xxx firmware
- canonical/dahuasecurity ipc-pdbw8xxx
- canonical/dahuasecurity ipc-hum8xxx firmware
- canonical/dahuasecurity ipc-hum8xxx
- canonical/dahuasecurity psd8xxxx firmware
- canonical/dahuasecurity psd8xxxx
- canonical/dahuasecurity dh-sd4xxxxx firmware
- canonical/dahuasecurity dh-sd4xxxxx
- canonical/dahuasecurity dh-sd5xxxxx firmware
- canonical/dahuasecurity dh-sd5xxxxx
- canonical/dahuasecurity dh-sd6xxxxx firmware
- canonical/dahuasecurity dh-sd6xxxxx