An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.
Published 2017-03-09 17:59:00
Updated 2019-10-03 00:03:26
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-6432

Probability of exploitation activity in the next 30 days: 0.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-6432

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
nvd@nist.gov
8.1
HIGH CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.2
5.9
nvd@nist.gov

CWE ids for CVE-2017-6432

References for CVE-2017-6432

Products affected by CVE-2017-6432

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!