CVE-2017-9314

Published: Nov 13, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.

Affected (22)

Dahuasecurity

22 products

Nvr5464 16p 4ks2 Firmware

Nvr5208 8p 4ks2 Firmware

Nvr5432 16p 4ks2 Firmware

Nvr5416 16p 4ks2 Firmware

Nvr5464 4ks2 Firmware

Nvr5432 4ks2 Firmware

Nvr5416 4ks2 Firmware

Nvr5232 16p 4ks2 Firmware

Nvr5216 16p 4ks2 Firmware

Nvr5232 8p 4ks2 Firmware

Nvr5216 8p 4ks2 Firmware

Nvr5232 4ks2 Firmware

Nvr5216 4ks2 Firmware

Nvr5208 4ks2 Firmware

Nvr5816 4ks2 Firmware

Nvr5832 4ks2 Firmware

Nvr5864 4ks2 Firmware

Nvr5864 16p 4ks2 Firmware

Nvr5832 16p 4ks2 Firmware

Nvr5816 16p 4ks2 Firmware

Nvr5424 24p 4ks2 Firmware

Nvr5224 24p 4ks2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5464 16p 4ks2 Firmware	Before dh_nvr5464_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5464 16p 4ks2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5208 8p 4ks2 Firmware	Before dh_nvr5208_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5208 8p 4ks2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5432 16p 4ks2 Firmware	Before dh_nvr5432_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5432 16p 4ks2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5416 16p 4ks2 Firmware	Before dh_nvr5416_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5416 16p 4ks2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5464 4ks2 Firmware	Before dh_nvr5464_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5464 4ks2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5432 4ks2 Firmware	Before dh_nvr5432_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5432 4ks2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5416 4ks2 Firmware	Before dh_nvr5416_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5416 4ks2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5232 16p 4ks2 Firmware	Before dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5232 16p 4ks2	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5216 16p 4ks2 Firmware	Before dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5216 16p 4ks2	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5232 8p 4ks2 Firmware	Before dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5232 8p 4ks2	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5216 8p 4ks2 Firmware	Before dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5216 8p 4ks2	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5232 4ks2 Firmware	Before dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5232 4ks2	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5216 4ks2 Firmware	Before dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5216 4ks2	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5208 4ks2 Firmware	Before dh_nvr5208_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5208 4ks2	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5816 4ks2 Firmware	Before dh_nvr5816_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5816 4ks2	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5832 4ks2 Firmware	Before dh_nvr5832_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5832 4ks2	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5864 4ks2 Firmware	Before dh_nvr5864_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5864 4ks2	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5864 16p 4ks2 Firmware	Before dh_nvr5864_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5864 16p 4ks2	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5832 16p 4ks2 Firmware	Before dh_nvr5832_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5832 16p 4ks2	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5816 16p 4ks2 Firmware	Before dh_nvr5816_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5816 16p 4ks2	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5424 24p 4ks2 Firmware	Before dh_nvr5424_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5424 24p 4ks2	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5224 24p 4ks2 Firmware	Before dh_nvr5224_eng_p_v2.616.0000.0.r.20171102

Running on/with	Platform Versions
Dahuasecurity Nvr5224 24p 4ks2	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html

Source: cybersecurity@dahuatech.com

Issue TrackingVendor Advisory

http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.