Kirill Ermakov

**Name of the Vulnerable Software and Affected Versions** Dahua DVR appliances (affected versions not specified) **Description** The issue concerns hardcoded passwords for the `root` account and an unspecified backdoor account. This makes it easier for remote attackers to gain administrative access. Attackers can exploit this via authorization requests using `ActiveX`, a standalone client, or other unknown vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dahua DVR appliances (affected versions not specified) **Description** The issue is related to the improper restriction of UPnP requests, making it easier for remote attackers to gain access. This can be achieved through vectors involving a replay attack against the TELNET port. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dahua DVR appliances (affected versions not specified) **Description** The issue makes it easier for remote attackers to obtain access via a brute-force attack due to a small value for the maximum password length. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dahua DVR appliances (affected versions not specified) **Description** The issue concerns a password-hash algorithm used by Dahua DVR appliances, which has a short hash length. This makes it easier for attackers to discover cleartext passwords via a brute-force attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.