CVE-2017-6432

Name of the Vulnerable Software and Affected Versions Dahua DHI-HCVR7216A-S3 version 3.210.0001.10

Description An issue was discovered in the Dahua DVR Protocol, which operates on TCP Port 37777. This protocol is unencrypted and binary, allowing for a Man-in-the-Middle attack. Such an attack enables both sniffing and injections of packets, which can be used to create fully privileged new users and capture sensitive information.

Recommendations For Dahua DHI-HCVR7216A-S3 version 3.210.0001.10, consider restricting access to TCP Port 37777 to minimize the risk of exploitation. As a temporary workaround, limit the creation of new users and restrict access to sensitive information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.