CVE-2017-7927
Severity Score
7.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.
Un problema de Uso del Hash de Contraseña en Lugar de Contraseña para Autenticación se detectó en cámaras DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3 y DHI-HCVR58A32S-S2, de Dahua. Se identificó el uso de hash de contraseña en lugar de la contraseña para la vulnerabilidad de autenticación, lo que podría permitir a un usuario malicioso omitir la autenticación sin obtener la contraseña actual.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-18 CVE Reserved
- 2017-05-06 CVE Published
- 2023-04-15 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
- CWE-836: Use of Password Hash Instead of Password for Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/98312 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02 | Mitigation |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php | 2019-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdbw23a0rn-zs Firmware Search vendor "Dahuasecurity" for product "Dh-ipc-hdbw23a0rn-zs Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdbw23a0rn-zs Search vendor "Dahuasecurity" for product "Dh-ipc-hdbw23a0rn-zs" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdbw13a0sn Firmware Search vendor "Dahuasecurity" for product "Dh-ipc-hdbw13a0sn Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdbw13a0sn Search vendor "Dahuasecurity" for product "Dh-ipc-hdbw13a0sn" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdw1xxx Firmware Search vendor "Dahuasecurity" for product "Dh-ipc-hdw1xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdw1xxx Search vendor "Dahuasecurity" for product "Dh-ipc-hdw1xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdw2xxx Firmware Search vendor "Dahuasecurity" for product "Dh-ipc-hdw2xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdw2xxx Search vendor "Dahuasecurity" for product "Dh-ipc-hdw2xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdw4xxx Firmware Search vendor "Dahuasecurity" for product "Dh-ipc-hdw4xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hdw4xxx Search vendor "Dahuasecurity" for product "Dh-ipc-hdw4xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hfw1xxx Firmware Search vendor "Dahuasecurity" for product "Dh-ipc-hfw1xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hfw1xxx Search vendor "Dahuasecurity" for product "Dh-ipc-hfw1xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hfw2xxx Firmware Search vendor "Dahuasecurity" for product "Dh-ipc-hfw2xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hfw2xxx Search vendor "Dahuasecurity" for product "Dh-ipc-hfw2xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hfw4xxx Firmware Search vendor "Dahuasecurity" for product "Dh-ipc-hfw4xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-ipc-hfw4xxx Search vendor "Dahuasecurity" for product "Dh-ipc-hfw4xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-sd6cxx Firmware Search vendor "Dahuasecurity" for product "Dh-sd6cxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-sd6cxx Search vendor "Dahuasecurity" for product "Dh-sd6cxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-nvr1xxx Firmware Search vendor "Dahuasecurity" for product "Dh-nvr1xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-nvr1xxx Search vendor "Dahuasecurity" for product "Dh-nvr1xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-hcvr4xxx Firmware Search vendor "Dahuasecurity" for product "Dh-hcvr4xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Ddh-hcvr4xxx Search vendor "Dahuasecurity" for product "Ddh-hcvr4xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dh-hcvr5xxx Firmware Search vendor "Dahuasecurity" for product "Dh-hcvr5xxx Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dh-hcvr5xxx Search vendor "Dahuasecurity" for product "Dh-hcvr5xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dhi-hcvr51a04he-s3 Firmware Search vendor "Dahuasecurity" for product "Dhi-hcvr51a04he-s3 Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dhi-hcvr51a04he-s3 Search vendor "Dahuasecurity" for product "Dhi-hcvr51a04he-s3" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dhi-hcvr51a08he-s3 Firmware Search vendor "Dahuasecurity" for product "Dhi-hcvr51a08he-s3 Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dhi-hcvr51a08he-s3 Search vendor "Dahuasecurity" for product "Dhi-hcvr51a08he-s3" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Dhi-hcvr58a32s-s2 Firmware Search vendor "Dahuasecurity" for product "Dhi-hcvr58a32s-s2 Firmware" | - | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Dhi-hcvr58a32s-s2 Search vendor "Dahuasecurity" for product "Dhi-hcvr58a32s-s2" | - | - |
Safe
|