CVE-2017-6342

Published: Feb 27, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117.

Affected (3)

Products: Dahuasecurity: Camera Firmware, Nvr Firmware, Smartpss Firmware

3 products

Camera Firmware

Smartpss Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Camera Firmware	Version 2.400.0000.28.r
Dahuasecurity Nvr Firmware	Version 3.210.0001.10
Dahuasecurity Smartpss Firmware	Version 1.16.1

Running on/with	Platform Versions
Dahuasecurity Dhi Hcvr7216a S3	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

http://www.securityfocus.com/bid/96454

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/96454

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.