PT-2017-18843 · Dahua · Dahua Ipc-Hdw4300S+1
Publicado
2017-11-27
·
Atualizado
2017-12-20
·
CVE-2017-9316
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
Dahua IPC-HDW4300S (affected versions not specified)
Dahua IP products (affected versions not specified)
Description
A firmware upgrade authentication bypass issue was discovered, caused by an internal Debug function used for problem analysis and performance tuning during the product development phase. This function allowed the device to receive specific data without transmitting any, and it did not collect user privacy data or allow remote code execution.
Recommendations
For Dahua IPC-HDW4300S, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Dahua IP products, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Dahua Ip Products
Dahua Ipc-Hdw4300S