medium
6.5
CWE
287
Advisory Published
Updated

CVE-2017-9316

First published: Mon Nov 27 2017(Updated: )

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.

Credit: cybersecurity@dahuatech.com

Affected SoftwareAffected VersionHow to fix
Dahuasecurity Nvr11hs Firmware=3.210.0000.0.r.20150206
Dahuasecurity Nvr11hs Firmware=3.210.0000.1.r.20150420
Dahuasecurity Nvr11hs Firmware=3.210.0000.2.r.20150715
Dahuasecurity Nvr11hs Firmware=3.210.0000.3.r.20150921
Dahuasecurity Nvr11hs Firmware=3.210.0000.5.r.20160409
Dahuasecurity Nvr11hs Firmware=3.210.0000.5.r.20160603
Dahuasecurity Nvr11hs Firmware=3.210.0000.5.r.20160803
Dahuasecurity Nvr11hs Firmware=3.210.0000.5.r.20161226
Dahuasecurity Nvr11hs Firmware=3.210.0000.5.r.20170305
Dahuasecurity Nvr11hs Firmware=3.210.0000.5.r.20170321
Dahuasecurity Nvr11hs
Dahuasecurity Ipc-hdw4300s Firmware=2.240.0009.0.r.20131015
Dahuasecurity Ipc-hdw4300s Firmware=2.400.0000.0.r.20131231
Dahuasecurity Ipc-hdw4300s Firmware=2.420.0000.0.r.20140419
Dahuasecurity Ipc-hdw4300s Firmware=2.420.0002.0.r.20140621
Dahuasecurity Ipc-hdw4300s Firmware=2.420.0002.0.r.20140724
Dahuasecurity Ipc-hdw4300s Firmware=2.420.0005.0.r.20141205
Dahuasecurity Ipc-hdw4300s Firmware=2.420.0006.0.r.20150311
Dahuasecurity Ipc-hdw4300s Firmware=2.420.0007.0.r.20150409
Dahuasecurity Ipc-hdw4300s Firmware=2.420.0008.0.r.20150710
Dahuasecurity Ipc-hdw4300s
Dahuasecurity Ipc-hfw4x00 Firmware=2.400.0000.3.r.20150312
Dahuasecurity Ipc-hfw4x00 Firmware=2.420.0006.0.r.20150311
Dahuasecurity Ipc-hfw4x00
Dahuasecurity Ipc-hdw4x00 Firmware=2.400.0000.3.r.20150312
Dahuasecurity Ipc-hdw4x00 Firmware=2.420.0006.0.r.20150311
Dahuasecurity Ipc-hdw4x00
Dahuasecurity Ipc-hdbw4x00 Firmware=2.400.0000.3.r.20150312
Dahuasecurity Ipc-hdbw4x00 Firmware=2.420.0006.0.r.20150311
Dahuasecurity Ipc-hdbw4x00
Dahuasecurity Ipc-hf5x00 Firmware=2.400.0000.3.r.20150312
Dahuasecurity Ipc-hf5x00 Firmware=2.420.0006.0.r.20150311
Dahuasecurity Ipc-hf5x00
Dahuasecurity Ipc-hfw5x00 Firmware=2.400.0000.3.r.20150312
Dahuasecurity Ipc-hfw5x00 Firmware=2.420.0006.0.r.20150311
Dahuasecurity Ipc-hfw5x00
Dahuasecurity Ipc-hdw5x00 Firmware=2.400.0000.3.r.20150312
Dahuasecurity Ipc-hdw5x00 Firmware=2.420.0006.0.r.20150311
Dahuasecurity Ipc-hdw5x00
Dahuasecurity Ipc-hdbw5x00 Firmware=2.400.0000.3.r.20150312
Dahuasecurity Ipc-hdbw5x00 Firmware=2.420.0006.0.r.20150311
Dahuasecurity Ipc-hdbw5x00

Remedy

http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203