Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/800094 | US Government Resource |
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-09-17 05:04
Updated : 2013-09-17 09:15
NVD link : CVE-2013-3612
Mitre link : CVE-2013-3612
JSON object : View
CWE
CWE-255
Credentials Management Errors
Products Affected
dahuasecurity
- dvr5404
- dvr5204a
- dvr5116c
- dvr0404hd-s
- dvr5104c
- dvr2404lf-al
- dvr5204l
- dvr2108h
- dvr5216l
- dvr5104h
- dvr2404hf-s
- dvr3204hf-s
- dvr1604hd-s
- dvr0404hd-l
- dvr0804hf-s-e
- dvr0404hd-u
- dvr2116h
- dvr0804
- dvr5108c
- dvr3232l
- dvr2116c
- dvr5408
- dvr0804hf-u-e
- dvr5108h
- dvr5208l
- dvr0804hf-l-e
- dvr3204lf-s
- dvr5116he
- dvr0404hf-s-e
- dvr0804hf-a-e
- dvr5416
- dvr5808
- dvr0804hf-al-e
- dvr0404hf-a-e
- dvr2116he
- dvr5108he
- dvr2108he
- dvr2116hc
- dvr5816
- dvr6404lf-s
- dvr0804hd-l
- dvr2104c
- dvr1604hf-u-e
- dvr0404hf-al-e
- dvr0804hd-s
- dvr1604hf-al-e
- dvr5104he
- dvr3204lf-al
- dvr1604hf-l-e
- dvr5804
- dvr5208a
- dvr2404lf-s
- dvr0404hf-u-e
- dvr1604hf-a-e
- dvr3224l
- dvr2104he
- dvr2104h
- dvr1604hd-l
- dvr2108hc
- dvr5216a
- dvr0404hd-a
- dvr2104hc
- dvr2108c
- dvr1604hf-s-e
- dvr5116h