What is CVE-2017-9315?

CVE-2017-9315 is a vulnerability in Dahua IP cameras and IP PTZ (Pan-Tilt-Zoom) devices that allows an attacker to compromise the admin password reset mechanism.

What is the severity of CVE-2017-9315?

The severity of CVE-2017-9315 is critical with a severity score of 9.8.

How does the vulnerability in Dahua IP cameras and IP PTZ devices work?

The vulnerability allows an attacker to potentially compromise the algorithm used in the admin password reset mechanism.

Which versions of Dahua IP cameras and IP PTZ devices are affected by CVE-2017-9315?

Dahua IP cameras and IP PTZ devices with the following firmware are affected: Ipc-hfw1xxx, Ipc-hdw1xxx, Ipc-hdbw1xxx, Ipc-hfw2xxx, Ipc-hdw2xxx, Ipc-hdbw2xxx, Ipc-hfw4xxx, Ipc-hdw4xxx, Ipc-hdbw4xxx, Ipc-hf5xxx, Ipc-hfw5xxx, Ipc-hdw5xxx, Ipc-hdbw5xxx, Ipc-hf8xxx, Ipc-hfw8xxx, Ipc-hdbw8xxx, Ipc-ebw8xxx, Ipc-pfw8xxx, Dh-sd2xxxxx, Ipc-pdbw8xxx, Ipc-hum8xxx, Psd8xxxx, Dh-sd4xxxxx, Dh-sd5xxxxx, Dh-sd6xxxxx.

How can I fix the vulnerability in Dahua IP cameras and IP PTZ devices?

To fix the vulnerability, contact a Dahua authorized dealer to receive a time-limited temporary password and reset the admin password.

Vulnerability/
CVE-2017-9315

critical

9.8

28/11/2017

17/9/2024

CVE-2017-9315

First published: Tue Nov 28 2017(Updated: )

Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.

Credit: cybersecurity@dahuatech.com

Affected Software	Affected Version	How to fix
Dahua IPC-HFW1XXX
Dahua IPC-HFW1XXX
Dahuasecurity DH-IPC-HDW1XXX Firmware
Dahua IPC-HDW1xxx
Dahua Security IPC-HDBW1XXX
Dahuasecurity Ipc-hdbw1xxx Firmware
Dahuasecurity IPC-HFW2XXX Firmware
Dahuasecurity IPC-HFW2XXX Firmware
Dahuasecurity IPC-HDW2XXX Firmware
Dahuasecurity IPC-HDW2XXX Firmware
Dahuasecurity IPC-HDBW2XXX Firmware
Dahua IPC-HDBW2XXX
Dahuasecurity IPC-HFW4XXX
Dahuasecurity IPC-HFW4XXX Firmware
Dahuasecurity IPC-HDW4XXX Firmware
Dahuasecurity IPC-HDW4XXX Firmware
Dahuasecurity Ipc-hdbw4xxx Firmware
Dahuasecurity Ipc-hdbw4xxx Firmware
Dahuasecurity IPC-HF5XXX Firmware
Dahuasecurity IPC-HF5XXX Firmware
Dahuasecurity IPC-HFW5XXX
Dahuasecurity IPC-HFW5X2X Firmware
Dahua IPC-HDW5XXX Firmware
Dahua IPC-HDW5XXX Firmware
Dahuasecurity IPC-HDBW5XXX
Dahuasecurity IPC-HDBW5XXX Firmware
Dahuasecurity IPC-HF8XXX
Dahuasecurity IPC-HF8XXX Firmware
Dahua IPC-HFW8XXX
Dahuasecurity Ipc-hfw8xxx Firmware
Dahuasecurity IPC-EBW8XXX Firmware
Dahua IPC-HDBW8XXX
Dahuasecurity IPC-EBW8XXX Firmware
Dahua IPC-EBW8XXX
Dahua IPC-PFW8XXX
Dahuasecurity IPC-PFW8XXX Firmware
Dahua Security Dh-sd2xxxxx
Dahua Security Dh-sd2xxxxx
Dahua IPC-PDBW8XXX
Dahuasecurity IPC-PDBW8XXX Firmware
Dahuasecurity Ipc-hum8xxx Firmware
Dahuasecurity Ipc-hum8xxx Firmware
Dahua Technology Psd8xxxx
Dahua Technology Psd8xxxx
Dahuasecurity DH-SD4XXXXX Firmware
Dahua DH-SD4XXXXX
Dahua Security DH-SD5xxxxx
Dahua Security DH-SD5xxxxx
Dahuasecurity DH-SD6XXXXX
Dahuasecurity DH-SD6XXXXX Firmware

Never miss a vulnerability like this again

Reference Links

http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html

Frequently Asked Questions

What is CVE-2017-9315?
CVE-2017-9315 is a vulnerability in Dahua IP cameras and IP PTZ (Pan-Tilt-Zoom) devices that allows an attacker to compromise the admin password reset mechanism.
What is the severity of CVE-2017-9315?
The severity of CVE-2017-9315 is critical with a severity score of 9.8.
How does the vulnerability in Dahua IP cameras and IP PTZ devices work?
The vulnerability allows an attacker to potentially compromise the algorithm used in the admin password reset mechanism.
Which versions of Dahua IP cameras and IP PTZ devices are affected by CVE-2017-9315?
Dahua IP cameras and IP PTZ devices with the following firmware are affected: Ipc-hfw1xxx, Ipc-hdw1xxx, Ipc-hdbw1xxx, Ipc-hfw2xxx, Ipc-hdw2xxx, Ipc-hdbw2xxx, Ipc-hfw4xxx, Ipc-hdw4xxx, Ipc-hdbw4xxx, Ipc-hf5xxx, Ipc-hfw5xxx, Ipc-hdw5xxx, Ipc-hdbw5xxx, Ipc-hf8xxx, Ipc-hfw8xxx, Ipc-hdbw8xxx, Ipc-ebw8xxx, Ipc-pfw8xxx, Dh-sd2xxxxx, Ipc-pdbw8xxx, Ipc-hum8xxx, Psd8xxxx, Dh-sd4xxxxx, Dh-sd5xxxxx, Dh-sd6xxxxx.
How can I fix the vulnerability in Dahua IP cameras and IP PTZ devices?
To fix the vulnerability, contact a Dahua authorized dealer to receive a time-limited temporary password and reset the admin password.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/last-modified-date
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/dahuasecurity
canonical/dahua ipc-hfw1xxx
canonical/dahuasecurity dh-ipc-hdw1xxx firmware
canonical/dahua ipc-hdw1xxx
canonical/dahua security ipc-hdbw1xxx
canonical/dahuasecurity ipc-hdbw1xxx firmware
canonical/dahuasecurity ipc-hfw2xxx firmware
canonical/dahuasecurity ipc-hdw2xxx firmware
canonical/dahuasecurity ipc-hdbw2xxx firmware
canonical/dahua ipc-hdbw2xxx
canonical/dahuasecurity ipc-hfw4xxx
canonical/dahuasecurity ipc-hfw4xxx firmware
canonical/dahuasecurity ipc-hdw4xxx firmware
canonical/dahuasecurity ipc-hdbw4xxx firmware
canonical/dahuasecurity ipc-hf5xxx firmware
canonical/dahuasecurity ipc-hfw5xxx
canonical/dahuasecurity ipc-hfw5x2x firmware
canonical/dahua ipc-hdw5xxx firmware
canonical/dahuasecurity ipc-hdbw5xxx
canonical/dahuasecurity ipc-hdbw5xxx firmware
canonical/dahuasecurity ipc-hf8xxx
canonical/dahuasecurity ipc-hf8xxx firmware
canonical/dahua ipc-hfw8xxx
canonical/dahuasecurity ipc-hfw8xxx firmware
canonical/dahuasecurity ipc-ebw8xxx firmware
canonical/dahua ipc-hdbw8xxx
canonical/dahua ipc-ebw8xxx
canonical/dahua ipc-pfw8xxx
canonical/dahuasecurity ipc-pfw8xxx firmware
canonical/dahua security dh-sd2xxxxx
canonical/dahua ipc-pdbw8xxx
canonical/dahuasecurity ipc-pdbw8xxx firmware
canonical/dahuasecurity ipc-hum8xxx firmware
canonical/dahua technology psd8xxxx
canonical/dahuasecurity dh-sd4xxxxx firmware
canonical/dahua dh-sd4xxxxx
canonical/dahua security dh-sd5xxxxx
canonical/dahuasecurity dh-sd6xxxxx
canonical/dahuasecurity dh-sd6xxxxx firmware