The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/800094 | US Government Resource |
Configurations
Configuration 1 (hide)
|
Information
Published : 2013-09-17 05:04
Updated : 2013-09-25 11:07
NVD link : CVE-2013-5754
Mitre link : CVE-2013-5754
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
dahuasecurity
- dvr5404
- dvr5204a
- dvr5116c
- dvr0404hd-s
- dvr5104c
- dvr2404lf-al
- dvr5204l
- dvr2108h
- dvr5216l
- dvr5104h
- dvr3204hf-s
- dvr2404hf-s
- dvr1604hd-s
- dvr0404hd-l
- dvr0804hf-s-e
- dvr0404hd-u
- dvr0804
- dvr2116h
- dvr5108c
- dvr3232l
- dvr2116c
- dvr5408
- dvr0804hf-u-e
- dvr5108h
- dvr5208l
- dvr0804hf-l-e
- dvr3204lf-s
- dvr5116he
- dvr0404hf-s-e
- dvr5416
- dvr0804hf-a-e
- dvr5808
- dvr0804hf-al-e
- dvr0404hf-a-e
- dvr2116he
- dvr5108he
- dvr2108he
- dvr2116hc
- dvr5816
- dvr6404lf-s
- dvr0804hd-l
- dvr2104c
- dvr1604hf-u-e
- dvr0404hf-al-e
- dvr0804hd-s
- dvr5104he
- dvr1604hf-al-e
- dvr3204lf-al
- dvr5804
- dvr1604hf-l-e
- dvr5208a
- dvr2404lf-s
- dvr0404hf-u-e
- dvr1604hf-a-e
- dvr3224l
- dvr2104hc
- dvr2104h
- dvr1604hd-l
- dvr2108hc
- dvr5216a
- dvr0404hd-a
- dvr2104he
- dvr2108c
- dvr1604hf-s-e
- dvr5116h