CVE-2017-9317
First published: Wed May 23 2018(Updated: )
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
Credit: cybersecurity@dahuatech.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahuasecurity Xvr5x16 Firmware | <3.218.0000002.1.r.171229 | |
| Dahuasecurity Xvr5x16 | ||
| Dahuasecurity Xvr5x08 Firmware | <3.218.0000002.1.r.171229 | |
| Dahuasecurity Xvr5x08 | ||
| Dahuasecurity Xvr5x04 Firmware | <3.218.0000002.1.r.171229 | |
| Dahuasecurity Xvr5x04 | ||
| Dahuasecurity Xvr7x16 Firmware | <3.218.0000002.1.r.171229 | |
| Dahuasecurity Xvr7x16 | ||
| Dahuasecurity Ipc-hdbw4xxx Firmware | <2.622.0000000.18.r.20171110 | |
| Dahuasecurity Ipc-hdbw4xxx | ||
| Dahuasecurity Ipc-hdbw4xxx Firmware | <2.621.0000.28.r.20170912 | |
| Dahuasecurity Ipc-hdbw5xxx Firmware | <2.622.0000000.18.r.20171110 | |
| Dahuasecurity Ipc-hdbw5xxx | ||
| Dahuasecurity Ipc-hdbw5xxx Firmware | <2.621.0000.28.r.20170912 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-9317?
CVE-2017-9317 is a privilege escalation vulnerability found in some Dahua IP devices.
How severe is CVE-2017-9317?
CVE-2017-9317 has a severity rating of 8.8 (high).
Which Dahua IP devices are affected by CVE-2017-9317?
Dahuasecurity Xvr5x16 Firmware (up to version 3.218.0000002.1.r.171229), Dahuasecurity Xvr5x08 Firmware (up to version 3.218.0000002.1.r.171229), Dahuasecurity Xvr5x04 Firmware (up to version 3.218.0000002.1.r.171229), Dahuasecurity Xvr7x16 Firmware (up to version 3.218.0000002.1.r.171229), Dahuasecurity Ipc-hdbw4xxx Firmware (up to version 2.622.0000000.18.r.20171110), Dahuasecurity Ipc-hdbw4xxx Firmware (up to version 2.621.0000.28.r.20170912), Dahuasecurity Ipc-hdbw5xxx Firmware (up to version 2.622.0000000.18.r.20171110), Dahuasecurity Ipc-hdbw5xxx Firmware (up to version 2.621.0000.28.r.20170912).
What can an attacker do with CVE-2017-9317?
An attacker in possession of a low privilege account can gain access to credential information of a high privilege account and further obtain device information or attack the device.
How can I fix CVE-2017-9317?
To fix CVE-2017-9317, upgrade to a version of the Dahua IP device firmware that is not vulnerable.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dahuasecurity
- canonical/dahuasecurity xvr5x16 firmware
- canonical/dahuasecurity xvr5x16
- canonical/dahuasecurity xvr5x08 firmware
- canonical/dahuasecurity xvr5x08
- canonical/dahuasecurity xvr5x04 firmware
- canonical/dahuasecurity xvr5x04
- canonical/dahuasecurity xvr7x16 firmware
- canonical/dahuasecurity xvr7x16
- canonical/dahuasecurity ipc-hdbw4xxx firmware
- canonical/dahuasecurity ipc-hdbw4xxx
- canonical/dahuasecurity ipc-hdbw5xxx firmware
- canonical/dahuasecurity ipc-hdbw5xxx