PT-2017-17010 · Dahua · Nvr Firmware+3
Ku7
·
Publicado
2017-02-27
·
Atualizado
2019-10-03
·
CVE-2017-6343
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10
Dahua DHI-HCVR7216A-S3 devices with Camera Firmware 2.400.0000.28.R
Dahua DHI-HCVR7216A-S3 devices with SmartPSS Software 1.16.1
Description
The issue allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password.
Recommendations
For Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10, update the firmware to a version that addresses this issue.
For Dahua DHI-HCVR7216A-S3 devices with Camera Firmware 2.400.0000.28.R, update the camera firmware to a version that addresses this issue.
For Dahua DHI-HCVR7216A-S3 devices with SmartPSS Software 1.16.1, update the SmartPSS software to a version that addresses this issue.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Camera Firmware
Dhi-Hcvr7216A-S3
Nvr Firmware
Smartpss