CVSS: 9.8EPSS: 0%CPEs: 56EXPL: 0CVE-2021-33046
https://notcve.org/view.php?id=CVE-2021-33046
13 Jan 2022 — Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords. Algunos productos Dahua presentan una vulnerabilidad de control de acceso en el proceso de restablecimiento de la contraseña. Los atacantes pueden explotar esta vulnerabilidad mediante implementaciones específicas para restablecer las contraseñas de los dispositivos • https://support.dahuatech.com/networkSecurity/securityDetails?id=95 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 0CVE-2017-7927
https://notcve.org/view.php?id=CVE-2017-7927
06 May 2017 — A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without o... • http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php • CWE-798: Use of Hard-coded Credentials CWE-836: Use of Password Hash Instead of Password for Authentication •
CVSS: 9.8EPSS: 20%CPEs: 30EXPL: 0CVE-2017-7925
https://notcve.org/view.php?id=CVE-2017-7925
06 May 2017 — A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. Se... • http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php • CWE-260: Password in Configuration File CWE-522: Insufficiently Protected Credentials •