CVE-2017-9315

Dahua Technology IP Camera Predictable Password Algorithm Remote Code Execution Vulnerability

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.

>Los clientes de las cámaras Dahua IP o IP PTZ podrían enviar información relevante del dispositivo para recibir una contraseña temporal limitada temporalmente por un distribuidor autorizado de Dahua para restablecer la contraseña de administrador. El algoritmo empleado en este mecanismo está potencialmente en riesgo de verse comprometido y, consecuentemente, empleado por el atacante.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the disaster recovery password functionality. If the device uses its default settings, the password generation algorithm produces a predictable result. An attacker can leverage this vulnerability to gain control of the device under attack.

*Credits: Kenney LuTrend Micro

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-05-30 CVE Reserved
2017-11-28 CVE Published
2024-07-23 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw1xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hfw1xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw1xxx Search vendor "Dahuasecurity" for product "Ipc-hfw1xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdw1xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdw1xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdw1xxx Search vendor "Dahuasecurity" for product "Ipc-hdw1xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw1xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdbw1xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw1xxx Search vendor "Dahuasecurity" for product "Ipc-hdbw1xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw2xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hfw2xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw2xxx Search vendor "Dahuasecurity" for product "Ipc-hfw2xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdw2xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdw2xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdw2xxx Search vendor "Dahuasecurity" for product "Ipc-hdw2xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw2xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdbw2xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw2xxx Search vendor "Dahuasecurity" for product "Ipc-hdbw2xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw4xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hfw4xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw4xxx Search vendor "Dahuasecurity" for product "Ipc-hfw4xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdw4xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdw4xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdw4xxx Search vendor "Dahuasecurity" for product "Ipc-hdw4xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw4xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdbw4xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw4xxx Search vendor "Dahuasecurity" for product "Ipc-hdbw4xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hf5xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hf5xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hf5xxx Search vendor "Dahuasecurity" for product "Ipc-hf5xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw5xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hfw5xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw5xxx Search vendor "Dahuasecurity" for product "Ipc-hfw5xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdw5xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdw5xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdw5xxx Search vendor "Dahuasecurity" for product "Ipc-hdw5xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw5xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdbw5xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw5xxx Search vendor "Dahuasecurity" for product "Ipc-hdbw5xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hf8xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hf8xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hf8xxx Search vendor "Dahuasecurity" for product "Ipc-hf8xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw8xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hfw8xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hfw8xxx Search vendor "Dahuasecurity" for product "Ipc-hfw8xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw8xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hdbw8xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hdbw8xxx Search vendor "Dahuasecurity" for product "Ipc-hdbw8xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-ebw8xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-ebw8xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-ebw8xxx Search vendor "Dahuasecurity" for product "Ipc-ebw8xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-pfw8xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-pfw8xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-pfw8xxx Search vendor "Dahuasecurity" for product "Ipc-pfw8xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Dh-sd2xxxxx Firmware Search vendor "Dahuasecurity" for product "Dh-sd2xxxxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Dh-sd2xxxxx Search vendor "Dahuasecurity" for product "Dh-sd2xxxxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-pdbw8xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-pdbw8xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-pdbw8xxx Search vendor "Dahuasecurity" for product "Ipc-pdbw8xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hum8xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hum8xxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hum8xxx Search vendor "Dahuasecurity" for product "Ipc-hum8xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Psd8xxxx Firmware Search vendor "Dahuasecurity" for product "Psd8xxxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Psd8xxxx Search vendor "Dahuasecurity" for product "Psd8xxxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Dh-sd4xxxxx Firmware Search vendor "Dahuasecurity" for product "Dh-sd4xxxxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Dh-sd4xxxxx Search vendor "Dahuasecurity" for product "Dh-sd4xxxxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Dh-sd5xxxxx Firmware Search vendor "Dahuasecurity" for product "Dh-sd5xxxxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Dh-sd5xxxxx Search vendor "Dahuasecurity" for product "Dh-sd5xxxxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Dh-sd6xxxxx Firmware Search vendor "Dahuasecurity" for product "Dh-sd6xxxxx Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Dh-sd6xxxxx Search vendor "Dahuasecurity" for product "Dh-sd6xxxxx"	-	-	Safe