PT-2017-17010 · Dahua · Nvr Firmware+3
Ku7
·
Published
2017-02-27
·
Updated
2019-10-03
·
CVE-2017-6343
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10
Dahua DHI-HCVR7216A-S3 devices with Camera Firmware 2.400.0000.28.R
Dahua DHI-HCVR7216A-S3 devices with SmartPSS Software 1.16.1
Description
The issue allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password.
Recommendations
For Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10, update the firmware to a version that addresses this issue.
For Dahua DHI-HCVR7216A-S3 devices with Camera Firmware 2.400.0000.28.R, update the camera firmware to a version that addresses this issue.
For Dahua DHI-HCVR7216A-S3 devices with SmartPSS Software 1.16.1, update the SmartPSS software to a version that addresses this issue.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Camera Firmware
Dhi-Hcvr7216A-S3
Nvr Firmware
Smartpss