CVSS: 9.8EPSS: 0%CPEs: 50EXPL: 0CVE-2017-9315 – Dahua Technology IP Camera Predictable Password Algorithm Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-9315
28 Nov 2017 — Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. >Los clientes de las cámaras Dahua IP o IP PTZ podrían enviar información relevante del dispositivo para recibir una contraseña temporal limitada temporalmente por un distribuidor autorizado de Dahua para resta... • http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html •
CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 0CVE-2017-7927
https://notcve.org/view.php?id=CVE-2017-7927
06 May 2017 — A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without o... • http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php • CWE-798: Use of Hard-coded Credentials CWE-836: Use of Password Hash Instead of Password for Authentication •
CVSS: 9.8EPSS: 20%CPEs: 30EXPL: 0CVE-2017-7925
https://notcve.org/view.php?id=CVE-2017-7925
06 May 2017 — A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. Se... • http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php • CWE-260: Password in Configuration File CWE-522: Insufficiently Protected Credentials •