CVE-2013-6117

Published: Jul 11, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

Affected (2)

Products: Dahuasecurity: Dvr Firmware

Dahuasecurity

1 product

Dvr Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dahuasecurity Dvr Firmware	Version 2.608.0000.0
Dahuasecurity Dvr Firmware	Version 2.608.gv00.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (10)

http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html

Source: cve@mitre.org

http://seclists.org/bugtraq/2013/Nov/62

Source: cve@mitre.org

http://www.exploit-db.com/exploits/29673

Source: cve@mitre.org

http://www.osvdb.org/99783

Source: cve@mitre.org

http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html