CVE-2017-9316

Published: Nov 27, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Exploitability: 2.2 / Impact: 4.2

Source: NVD

Description

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.

Affected (33)

Products: Dahuasecurity: Nvr11hs Firmware, Ipc Hdw4300s Firmware, Ipc Hfw4x00 Firmware, Ipc Hdw4x00 Firmware, Ipc Hdbw4x00 Firmware, Ipc Hf5x00 Firmware, Ipc Hfw5x00 Firmware, Ipc Hdw5x00 Firmware, Ipc Hdbw5x00 Firmware

Dahuasecurity

9 products

Nvr11hs Firmware

Ipc Hdw4300s Firmware

Ipc Hfw4x00 Firmware

Ipc Hdw4x00 Firmware

Ipc Hdbw4x00 Firmware

Ipc Hf5x00 Firmware

Ipc Hfw5x00 Firmware

Ipc Hdw5x00 Firmware

Ipc Hdbw5x00 Firmware

Configuration A

10 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.0.r.20150206
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.1.r.20150420
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.2.r.20150715
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.3.r.20150921
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.5.r.20160409
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.5.r.20160603
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.5.r.20160803
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.5.r.20161226
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.5.r.20170305
Dahuasecurity Nvr11hs Firmware	Version 3.210.0000.5.r.20170321

Running on/with	Platform Versions
Dahuasecurity Nvr11hs	All versions

Configuration B

9 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.240.0009.0.r.20131015
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.400.0000.0.r.20131231
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.420.0000.0.r.20140419
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.420.0002.0.r.20140621
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.420.0002.0.r.20140724
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.420.0005.0.r.20141205
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.420.0006.0.r.20150311
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.420.0007.0.r.20150409
Dahuasecurity Ipc Hdw4300s Firmware	Version 2.420.0008.0.r.20150710

Running on/with	Platform Versions
Dahuasecurity Ipc Hdw4300s	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hfw4x00 Firmware	Version 2.400.0000.3.r.20150312
Dahuasecurity Ipc Hfw4x00 Firmware	Version 2.420.0006.0.r.20150311

Running on/with	Platform Versions
Dahuasecurity Ipc Hfw4x00	All versions

Configuration D

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdw4x00 Firmware	Version 2.400.0000.3.r.20150312
Dahuasecurity Ipc Hdw4x00 Firmware	Version 2.420.0006.0.r.20150311

Running on/with	Platform Versions
Dahuasecurity Ipc Hdw4x00	All versions

Configuration E

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdbw4x00 Firmware	Version 2.400.0000.3.r.20150312
Dahuasecurity Ipc Hdbw4x00 Firmware	Version 2.420.0006.0.r.20150311

Running on/with	Platform Versions
Dahuasecurity Ipc Hdbw4x00	All versions

Configuration F

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hf5x00 Firmware	Version 2.400.0000.3.r.20150312
Dahuasecurity Ipc Hf5x00 Firmware	Version 2.420.0006.0.r.20150311

Running on/with	Platform Versions
Dahuasecurity Ipc Hf5x00	All versions

Configuration G

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hfw5x00 Firmware	Version 2.400.0000.3.r.20150312
Dahuasecurity Ipc Hfw5x00 Firmware	Version 2.420.0006.0.r.20150311

Running on/with	Platform Versions
Dahuasecurity Ipc Hfw5x00	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdw5x00 Firmware	Version 2.400.0000.3.r.20150312
Dahuasecurity Ipc Hdw5x00 Firmware	Version 2.420.0006.0.r.20150311

Running on/with	Platform Versions
Dahuasecurity Ipc Hdw5x00	All versions

Configuration I

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdbw5x00 Firmware	Version 2.400.0000.3.r.20150312
Dahuasecurity Ipc Hdbw5x00 Firmware	Version 2.420.0006.0.r.20150311

Running on/with	Platform Versions
Dahuasecurity Ipc Hdbw5x00	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html

Source: cybersecurity@dahuatech.com

PatchVendor Advisory

http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.