CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-6432

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.6%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 9.3

References

https://nullku7.github.io/stuff/exploit/dahua/2017/03/09/dahua-nvr-authbypass.html
https://twitter.com/null_ku7/status/839814344351240193
https://nullku7.github.io/stuff/exploit/dahua/2017/03/09/dahua-nvr-authbypass.html
https://twitter.com/null_ku7/status/839814344351240193

Products affected by CVE-2017-6432

Dahuasecurity » Dhi-Hcvr7216a-S3 » Version: N/A

cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-
Dahuasecurity » Nvr Firmware » Version: 3.210.0001.10

cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6432

Products

Pricing

Contact Us