Vulnerability Details : CVE-2013-5754
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
Products affected by CVE-2013-5754
- cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr6404lf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2404hf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-u-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-u-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hd-l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3224l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3232l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2404lf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3204lf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hd-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3204hf-s:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2404lf-al:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr3204lf-al:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-l-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-a-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5404:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5408:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5416:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-s-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr1604hf-al-e:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5804:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5808:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5816:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5204l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5208l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5216l:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5204a:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5208a:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5216a:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5104h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5108h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5116h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2104h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2108h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2116h:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5104he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5108he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5116he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5104c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5108c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr5116c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2104he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2108he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2116he:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2104hc:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2108hc:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2116hc:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2104c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2108c:-:*:*:*:*:*:*:*
- cpe:2.3:h:dahuasecurity:dvr2116c:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5754
0.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-5754
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2013-5754
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5754
-
http://www.kb.cert.org/vuls/id/800094
VU#800094 - Dahua Security DVRs contain multiple vulnerabilitiesUS Government Resource
Jump to