CVE-2013-5754

Name of the Vulnerable Software and Affected Versions Dahua DVR appliances (affected versions not specified)

Description The issue concerns the authorization mechanism in Dahua DVR appliances, where a hash string representing the current date can be used as a master password. This weakness allows remote attackers to gain administrative access and change the administrator password through various means, including (1) ActiveX, (2) a standalone client, or (3) other unspecified vectors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.