Security Advisory – Authentication vulnerability found in some Dahua NVR
SA ID: DHCC-SA-201711-002
First Published: November 8, 2017
Summary:
An authentication vulnerability was found in some Dahua NVR products. An attacker could exploit this vulnerability to gain access to additional operations by forging a JSON message.
CVE ID: CVE-2017-9314
Vulnerability Score (CVSS V3.0 http://www.first.org/cvss/specification-document):
Base Score: 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
Temporal Score: 5.9 (E:F/RL:O/RC:C)
Affected Product & Fix Software:
| Affected Model | Version | Fix Software |
| --- | --- | --- |
| NVR50XX, NVR52XX, NVR54XX, NVR58XX | Versions built between 2013 and 2017/10 | DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102 |
Fixed software download:
Please download the corresponding fix software (or a newer version) listed in the table above from the Dahua website. Customers can also contact Dahua local technical support to obtain the fix software.
Support Resources
The Dahua technical team will be available to advise on and support the upgrade process. For any questions or concerns related to cybersecurity, please contact Dahua at cybersecurity@dahuatech.com.
We acknowledge the support of researcher Ilias el Matani, who discovered this vulnerability and reported it to DHCC.