CVE-2017-9317

Published: May 23, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.

Affected (8)

Products: Dahuasecurity: Xvr5x16 Firmware, Xvr5x08 Firmware, Xvr5x04 Firmware, Xvr7x16 Firmware, Ipc Hdbw4xxx Firmware, Ipc Hdbw5xxx Firmware

6 products

Ipc Hdbw4xxx Firmware

Ipc Hdbw5xxx Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr5x16 Firmware	Before 3.218.0000002.1.r.171229

Running on/with	Platform Versions
Dahuasecurity Xvr5x16	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr5x08 Firmware	Before 3.218.0000002.1.r.171229

Running on/with	Platform Versions
Dahuasecurity Xvr5x08	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr5x04 Firmware	Before 3.218.0000002.1.r.171229

Running on/with	Platform Versions
Dahuasecurity Xvr5x04	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr7x16 Firmware	Before 3.218.0000002.1.r.171229

Running on/with	Platform Versions
Dahuasecurity Xvr7x16	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdbw4xxx Firmware	Before 2.622.0000000.18.r.20171110

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdbw4xxx Firmware	Before 2.621.0000.28.r.20170912

Running on/with	Platform Versions
Dahuasecurity Ipc Hdbw4xxx	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdbw5xxx Firmware	Before 2.622.0000000.18.r.20171110

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hdbw5xxx Firmware	Before 2.621.0000.28.r.20170912

Running on/with	Platform Versions
Dahuasecurity Ipc Hdbw5xxx	All versions

References (2)

https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337

Source: cybersecurity@dahuatech.com

PatchVendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.