CVE-2013-5754

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/800094	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr1604hd-l:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr3224l:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5404:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5408:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5416:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5216a:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5104h:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5108h:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2104hc:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5104he:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr3204lf-al:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr3204hf-s:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0804:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5804:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2404lf-al:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5116he:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5116h:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5108he:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5816:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2104c:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5204l:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2108hc:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr6404lf-s:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr1604hf-l-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr1604hf-al-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5808:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2116hc:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2116he:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2104h:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5204a:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2116h:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2404hf-s:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr3232l:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0804hf-u-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2108h:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2104he:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5208a:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2404lf-s:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5216l:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2108he:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5104c:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2108c:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr1604hf-u-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr1604hf-s-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr3204lf-s:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5116c:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr1604hf-a-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr1604hd-s:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr2116c:-:::::::*
	cpe:2.3:h:dahuasecurity:dvr5208l:-:::::::*
cpe:2.3:h:dahuasecurity:dvr5108c:-:::::::*

Information

Published : 2013-09-17 05:04

Updated : 2013-09-25 11:07

NVD link : CVE-2013-5754

Mitre link : CVE-2013-5754

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

dahuasecurity

dvr5404
dvr5204a
dvr5116c
dvr0404hd-s
dvr5104c
dvr2404lf-al
dvr5204l
dvr2108h
dvr5216l
dvr5104h
dvr3204hf-s
dvr2404hf-s
dvr1604hd-s
dvr0404hd-l
dvr0804hf-s-e
dvr0404hd-u
dvr0804
dvr2116h
dvr5108c
dvr3232l
dvr2116c
dvr5408
dvr0804hf-u-e
dvr5108h
dvr5208l
dvr0804hf-l-e
dvr3204lf-s
dvr5116he
dvr0404hf-s-e
dvr5416
dvr0804hf-a-e
dvr5808
dvr0804hf-al-e
dvr0404hf-a-e
dvr2116he
dvr5108he
dvr2108he
dvr2116hc
dvr5816
dvr6404lf-s
dvr0804hd-l
dvr2104c
dvr1604hf-u-e
dvr0404hf-al-e
dvr0804hd-s
dvr5104he
dvr1604hf-al-e
dvr3204lf-al
dvr5804
dvr1604hf-l-e
dvr5208a
dvr2404lf-s
dvr0404hf-u-e
dvr1604hf-a-e
dvr3224l
dvr2104hc
dvr2104h
dvr1604hd-l
dvr2108hc
dvr5216a
dvr0404hd-a
dvr2104he
dvr2108c
dvr1604hf-s-e
dvr5116h

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/800094", "name": "VU#800094", "tags": ["US Government Resource"], "refsource": "CERT-VN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-5754", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-09-17T12:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hd-l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3224l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5404:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5408:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5416:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5216a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104hc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104he:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204lf-al:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204hf-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5804:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404lf-al:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116he:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108he:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5816:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5204l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108hc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr6404lf-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-l-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-al-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5808:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116hc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116he:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5204a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404hf-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3232l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-u-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108h:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2104he:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5208a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2404lf-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5216l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108he:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5104c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2108c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-u-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-s-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr3204lf-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5116c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hf-a-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr1604hd-s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr2116c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5208l:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:dahuasecurity:dvr5108c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-09-25T18:07Z"}

10.0 /10