CVE-2017-9316
First published: Mon Nov 27 2017(Updated: )
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
Credit: cybersecurity@dahuatech.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.0.r.20150206 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.1.r.20150420 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.2.r.20150715 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.3.r.20150921 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.5.r.20160409 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.5.r.20160603 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.5.r.20160803 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.5.r.20161226 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.5.r.20170305 | |
| Dahuasecurity Nvr11hs Firmware | =3.210.0000.5.r.20170321 | |
| Dahuasecurity Nvr11hs | ||
| Dahuasecurity Ipc-hdw4300s Firmware | =2.240.0009.0.r.20131015 | |
| Dahuasecurity Ipc-hdw4300s Firmware | =2.400.0000.0.r.20131231 | |
| Dahuasecurity Ipc-hdw4300s Firmware | =2.420.0000.0.r.20140419 | |
| Dahuasecurity Ipc-hdw4300s Firmware | =2.420.0002.0.r.20140621 | |
| Dahuasecurity Ipc-hdw4300s Firmware | =2.420.0002.0.r.20140724 | |
| Dahuasecurity Ipc-hdw4300s Firmware | =2.420.0005.0.r.20141205 | |
| Dahuasecurity Ipc-hdw4300s Firmware | =2.420.0006.0.r.20150311 | |
| Dahuasecurity Ipc-hdw4300s Firmware | =2.420.0007.0.r.20150409 | |
| Dahuasecurity Ipc-hdw4300s Firmware | =2.420.0008.0.r.20150710 | |
| Dahuasecurity Ipc-hdw4300s | ||
| Dahuasecurity Ipc-hfw4x00 Firmware | =2.400.0000.3.r.20150312 | |
| Dahuasecurity Ipc-hfw4x00 Firmware | =2.420.0006.0.r.20150311 | |
| Dahuasecurity Ipc-hfw4x00 | ||
| Dahuasecurity Ipc-hdw4x00 Firmware | =2.400.0000.3.r.20150312 | |
| Dahuasecurity Ipc-hdw4x00 Firmware | =2.420.0006.0.r.20150311 | |
| Dahuasecurity Ipc-hdw4x00 | ||
| Dahuasecurity Ipc-hdbw4x00 Firmware | =2.400.0000.3.r.20150312 | |
| Dahuasecurity Ipc-hdbw4x00 Firmware | =2.420.0006.0.r.20150311 | |
| Dahuasecurity Ipc-hdbw4x00 | ||
| Dahuasecurity Ipc-hf5x00 Firmware | =2.400.0000.3.r.20150312 | |
| Dahuasecurity Ipc-hf5x00 Firmware | =2.420.0006.0.r.20150311 | |
| Dahuasecurity Ipc-hf5x00 | ||
| Dahuasecurity Ipc-hfw5x00 Firmware | =2.400.0000.3.r.20150312 | |
| Dahuasecurity Ipc-hfw5x00 Firmware | =2.420.0006.0.r.20150311 | |
| Dahuasecurity Ipc-hfw5x00 | ||
| Dahuasecurity Ipc-hdw5x00 Firmware | =2.400.0000.3.r.20150312 | |
| Dahuasecurity Ipc-hdw5x00 Firmware | =2.420.0006.0.r.20150311 | |
| Dahuasecurity Ipc-hdw5x00 | ||
| Dahuasecurity Ipc-hdbw5x00 Firmware | =2.400.0000.3.r.20150312 | |
| Dahuasecurity Ipc-hdbw5x00 Firmware | =2.420.0006.0.r.20150311 | |
| Dahuasecurity Ipc-hdbw5x00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-9316?
CVE-2017-9316 has been classified as a high-severity vulnerability due to its potential impact on firmware upgrade authentication.
How do I fix CVE-2017-9316?
To fix CVE-2017-9316, users should update their Dahua IPC-HDW4300S and affected IP product firmware to the latest version provided by Dahua Security.
What products are affected by CVE-2017-9316?
CVE-2017-9316 affects Dahua IPC-HDW4300S and several versions of the Dahua NVR11HS firmware.
What causes the CVE-2017-9316 vulnerability?
CVE-2017-9316 is caused by an internal debug function that allows an authentication bypass during firmware upgrades.
Is there any public exploit for CVE-2017-9316?
There is no known public exploit for CVE-2017-9316, but the vulnerability presents significant risks if left unpatched.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/dahuasecurity
- canonical/dahuasecurity nvr11hs firmware
- version/dahuasecurity nvr11hs firmware/3.210.0000.0.r.20150206
- version/dahuasecurity nvr11hs firmware/3.210.0000.1.r.20150420
- version/dahuasecurity nvr11hs firmware/3.210.0000.2.r.20150715
- version/dahuasecurity nvr11hs firmware/3.210.0000.3.r.20150921
- version/dahuasecurity nvr11hs firmware/3.210.0000.5.r.20160409
- version/dahuasecurity nvr11hs firmware/3.210.0000.5.r.20160603
- version/dahuasecurity nvr11hs firmware/3.210.0000.5.r.20160803
- version/dahuasecurity nvr11hs firmware/3.210.0000.5.r.20161226
- version/dahuasecurity nvr11hs firmware/3.210.0000.5.r.20170305
- version/dahuasecurity nvr11hs firmware/3.210.0000.5.r.20170321
- canonical/dahuasecurity nvr11hs
- canonical/dahuasecurity ipc-hdw4300s firmware
- version/dahuasecurity ipc-hdw4300s firmware/2.240.0009.0.r.20131015
- version/dahuasecurity ipc-hdw4300s firmware/2.400.0000.0.r.20131231
- version/dahuasecurity ipc-hdw4300s firmware/2.420.0000.0.r.20140419
- version/dahuasecurity ipc-hdw4300s firmware/2.420.0002.0.r.20140621
- version/dahuasecurity ipc-hdw4300s firmware/2.420.0002.0.r.20140724
- version/dahuasecurity ipc-hdw4300s firmware/2.420.0005.0.r.20141205
- version/dahuasecurity ipc-hdw4300s firmware/2.420.0006.0.r.20150311
- version/dahuasecurity ipc-hdw4300s firmware/2.420.0007.0.r.20150409
- version/dahuasecurity ipc-hdw4300s firmware/2.420.0008.0.r.20150710
- canonical/dahuasecurity ipc-hdw4300s
- canonical/dahuasecurity ipc-hfw4x00 firmware
- version/dahuasecurity ipc-hfw4x00 firmware/2.400.0000.3.r.20150312
- version/dahuasecurity ipc-hfw4x00 firmware/2.420.0006.0.r.20150311
- canonical/dahuasecurity ipc-hfw4x00
- canonical/dahuasecurity ipc-hdw4x00 firmware
- version/dahuasecurity ipc-hdw4x00 firmware/2.400.0000.3.r.20150312
- version/dahuasecurity ipc-hdw4x00 firmware/2.420.0006.0.r.20150311
- canonical/dahuasecurity ipc-hdw4x00
- canonical/dahuasecurity ipc-hdbw4x00 firmware
- version/dahuasecurity ipc-hdbw4x00 firmware/2.400.0000.3.r.20150312
- version/dahuasecurity ipc-hdbw4x00 firmware/2.420.0006.0.r.20150311
- canonical/dahuasecurity ipc-hdbw4x00
- canonical/dahuasecurity ipc-hf5x00 firmware
- version/dahuasecurity ipc-hf5x00 firmware/2.400.0000.3.r.20150312
- version/dahuasecurity ipc-hf5x00 firmware/2.420.0006.0.r.20150311
- canonical/dahuasecurity ipc-hf5x00
- canonical/dahuasecurity ipc-hfw5x00 firmware
- version/dahuasecurity ipc-hfw5x00 firmware/2.400.0000.3.r.20150312
- version/dahuasecurity ipc-hfw5x00 firmware/2.420.0006.0.r.20150311
- canonical/dahuasecurity ipc-hfw5x00
- canonical/dahuasecurity ipc-hdw5x00 firmware
- version/dahuasecurity ipc-hdw5x00 firmware/2.400.0000.3.r.20150312
- version/dahuasecurity ipc-hdw5x00 firmware/2.420.0006.0.r.20150311
- canonical/dahuasecurity ipc-hdw5x00
- canonical/dahuasecurity ipc-hdbw5x00 firmware
- version/dahuasecurity ipc-hdbw5x00 firmware/2.400.0000.3.r.20150312
- version/dahuasecurity ipc-hdbw5x00 firmware/2.420.0006.0.r.20150311
- canonical/dahuasecurity ipc-hdbw5x00