PT-2017-17008 · Dahua · Nvr Firmware+3
Published: 2017-02-27 · Updated: 2019-10-03 · CVE-2017-6341
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10
Dahua DHI-HCVR7216A-S3 devices with Camera Firmware 2.400.0000.28.R
Dahua DHI-HCVR7216A-S3 devices with SmartPSS Software 1.16.1
Description
The issue allows remote attackers to obtain sensitive information by sniffing the network. This is due to the devices sending cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces.
Recommendations
For devices with NVR Firmware 3.210.0001.10, update the firmware to a version that does not send cleartext passwords.
For devices with Camera Firmware 2.400.0000.28.R, update the firmware to a version that does not send cleartext passwords.
For devices with SmartPSS Software 1.16.1, update the software to a version that does not send cleartext passwords.
As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Camera Firmware
DHI-HCVR7216A-S3
NVR Firmware
SmartPSS