CVE-2017-6432

Опубликовано: 09 мар. 2017

Источник: nvd

CVSS3: 8.1

CVSS2: 9.3

EPSS Низкий

Описание

An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.

Ссылки

https://nullku7.github.io/stuff/exploit/dahua/2017/03/09/dahua-nvr-authbypass.html
Third Party Advisory
https://twitter.com/null_ku7/status/839814344351240193
Press/Media Coverage
https://nullku7.github.io/stuff/exploit/dahua/2017/03/09/dahua-nvr-authbypass.html
Third Party Advisory
https://twitter.com/null_ku7/status/839814344351240193
Press/Media Coverage

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.00168

Низкий

8.1 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-4ccc-2qgw-m2qj