Vulnerability Details CVE-2017-9316
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.8
References
- http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html
- http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html
Products affected by CVE-2017-9316
-
cpe:2.3:h:dahuasecurity:ipc-hdbw4x00:-
-
cpe:2.3:h:dahuasecurity:ipc-hdbw5x00:-
-
cpe:2.3:h:dahuasecurity:ipc-hdw4300s:-
-
cpe:2.3:h:dahuasecurity:ipc-hdw4x00:-
-
cpe:2.3:h:dahuasecurity:ipc-hdw5x00:-
-
cpe:2.3:h:dahuasecurity:ipc-hf5x00:-
-
cpe:2.3:h:dahuasecurity:ipc-hfw4x00:-
-
cpe:2.3:h:dahuasecurity:ipc-hfw5x00:-
-
cpe:2.3:h:dahuasecurity:nvr11hs:-
-
cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312
-
cpe:2.3:o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311
-
cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312
-
cpe:2.3:o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409
-
cpe:2.3:o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710
-
cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312
-
cpe:2.3:o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311
-
cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312
-
cpe:2.3:o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311
-
cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312
-
cpe:2.3:o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311
-
cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312
-
cpe:2.3:o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311
-
cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312
-
cpe:2.3:o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305
-
cpe:2.3:o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321