Vulnerability Details : CVE-2013-3613
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.
Products affected by CVE-2013-3613
- cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr6404lf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2404hf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-u-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-u-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hd-l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3224l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3232l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2404lf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3204lf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hd-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3204hf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2404lf-al:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3204lf-al:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-l-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-a-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5404:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5408:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5416:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-s-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-al-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5804:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5808:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5816:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5204l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5208l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5216l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5204a:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5208a:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5216a:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5104h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5108h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5116h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2104h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2108h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2116h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5104he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5108he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5116he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5104c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5108c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5116c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2104he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2108he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2116he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2104hc:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2108hc:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2116hc:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2104c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2108c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2116c:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3613
8.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3613
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2013-3613
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3613
-
http://www.kb.cert.org/vuls/id/800094
VU#800094 - Dahua Security DVRs contain multiple vulnerabilitiesUS Government Resource
Jump to