Vulnerability Details : CVE-2017-9314
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.
Vulnerability category: BypassGain privilege
Products affected by CVE-2017-9314
- Dahuasecurity » Nvr5464-16p-4ks2 FirmwareVersions before (<) dh_nvr5464_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5464-16p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5208-8p-4ks2 FirmwareVersions before (<) dh_nvr5208_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5208-8p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5432-16p-4ks2 FirmwareVersions before (<) dh_nvr5432_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5432-16p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5416-16p-4ks2 FirmwareVersions before (<) dh_nvr5416_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5416-16p-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5464-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5432-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5416-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5232-16p-4ks2 FirmwareVersions before (<) dh_nvr5232_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5232-16p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5216-16p-4ks2 FirmwareVersions before (<) dh_nvr5216_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5216-16p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5232-8p-4ks2 FirmwareVersions before (<) dh_nvr5232_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5232-8p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5216-8p-4ks2 FirmwareVersions before (<) dh_nvr5216_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5216-8p-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5232-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5216-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5208-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5816-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5832-4ks2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:nvr5864-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5864-16p-4ks2 FirmwareVersions before (<) dh_nvr5864_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5864-16p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5832-16p-4ks2 FirmwareVersions before (<) dh_nvr5832_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5832-16p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5816-16p-4ks2 FirmwareVersions before (<) dh_nvr5816_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5816-16p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5424-24p-4ks2 FirmwareVersions before (<) dh_nvr5424_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5424-24p-4ks2_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5224-24p-4ks2 FirmwareVersions before (<) dh_nvr5224_eng_p_v2.616.0000.0.r.20171102cpe:2.3:o:dahuasecurity:nvr5224-24p-4ks2_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-9314
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-9314
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2017-9314
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-9314
-
http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html
This page could not be foundIssue Tracking;Vendor Advisory
Jump to