CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6341
https://notcve.org/view.php?id=CVE-2017-6341
27 Feb 2017 — Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. Dispositivos Dahua DHI-HCVR7216A-S3 con NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2... • http://www.securityfocus.com/bid/96456 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.3EPSS: 21%CPEs: 4EXPL: 0CVE-2017-6343
https://notcve.org/view.php?id=CVE-2017-6343
27 Feb 2017 — The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. La interfaz web de los dispostivos Dahua DHI-HCVR7216A-S3 con NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29 ... • http://www.securityfocus.com/bid/96449 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 95%CPEs: 2EXPL: 3CVE-2013-6117 – Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-6117
14 Nov 2013 — Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. Dahua DVR 2.608.0000.0 y 2.608.GV00.0 permite a atacantes remotos evadir la autenticación y obtener información sensible que incluye las credenciales de usarios, cambiar las contraseñas de usuarios, limpiar los ficheros de registros y realizar otras acciones a tr... • https://www.exploit-db.com/exploits/29673 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 65EXPL: 1CVE-2013-3612 – Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-3612
17 Sep 2013 — Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors. Los dispositivos Dahua DVR tiene una contraseña fija para (1) la cuenta de administrador y (2) una cuenta de puerta trasera no especificada, lo que facilita a atacantes remotos a obtener acceso administrativo a través... • https://www.exploit-db.com/exploits/29673 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 1CVE-2013-3614 – Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-3614
17 Sep 2013 — Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack. Los aparatos Dahua DVR tienen un valor pequeño para la máxima longitud de la contraseña, lo que facilita a atacantes remotos el acceso a través de ataques de fuerza bruta. • https://www.exploit-db.com/exploits/29673 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 65EXPL: 0CVE-2013-5754
https://notcve.org/view.php?id=CVE-2013-5754
17 Sep 2013 — The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612. La implementación de autorización en Dahua DVR acepta un hash representando la fecha actual para el rol de contras... • http://www.kb.cert.org/vuls/id/800094 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 1CVE-2013-3613 – Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-3613
17 Sep 2013 — Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. Los dispositivos Dahua DVR no restringen adecuadamente las peticiones UPnP, lo que hace que sea más fácil para los atacantes remotos conseguir acceso a través de vectores que involucran un ataque por repetición contra el puerto Telnet . • https://www.exploit-db.com/exploits/29673 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 65EXPL: 1CVE-2013-3615 – Dahua DVR 2.608.0000.0/2.608.GV00.0 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-3615
17 Sep 2013 — Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. Los DVR Dashua usan un algoritmo de hash para contraseñas con una longitud de hash corta lo que facilita a atacantes en el contexto descubrir contraseñas de texto plano a través de ataques de fuerza bruta • https://www.exploit-db.com/exploits/29673 • CWE-255: Credentials Management Errors •