PT-2017-17008 · Dahua · Nvr Firmware+3

Published

2017-02-27

Updated

2019-10-03

CVE-2017-6341

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 Dahua DHI-HCVR7216A-S3 devices with Camera Firmware 2.400.0000.28.R Dahua DHI-HCVR7216A-S3 devices with SmartPSS Software 1.16.1

Description The issue allows remote attackers to obtain sensitive information by sniffing the network. This is due to the devices sending cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces.

Recommendations For devices with NVR Firmware 3.210.0001.10, update the firmware to a version that does not send cleartext passwords. For devices with Camera Firmware 2.400.0000.28.R, update the firmware to a version that does not send cleartext passwords. For devices with SmartPSS Software 1.16.1, update the software to a version that does not send cleartext passwords. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2017-6341

Affected Products

Camera Firmware

Dhi-Hcvr7216A-S3

Nvr Firmware

Smartpss

PT-2017-17008 · Dahua · Nvr Firmware+3

CVE-2017-6341

Weakness Enumeration

Related Identifiers

Affected Products

References · 5