CVE-2017-9314

CVSS V2 Medium 6.5 CVSS V3 High 8.8
Description
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.
Overview
  • CVE ID
  • CVE-2017-9314
  • Assigner
  • cybersecurity@dahuatech.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2017-11-13T16:29:00
  • Last Modified Date
  • 2017-11-29T18:53:03
Weakness Enumerations
CWE URL
CWE-287 http://cwe.mitre.org/data/definitions/287.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:dahuasecurity:nvr5464-16p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5464_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5464-16p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5208-8p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5208_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5208-8p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5432-16p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5432_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5432-16p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5416-16p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5416_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5416-16p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5464-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5464_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5464-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5432-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5432_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5432-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5416-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5416_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5416-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5232-16p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5232-16p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5216-16p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5216-16p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5232-8p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5232-8p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5216-8p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5216-8p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5232-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5232-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5216-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5216-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5208-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5208_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5208-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5816-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5816_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5816-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5832-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5832_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5832-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5864-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5864_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5864-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5864-16p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5864_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5864-16p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5832-16p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5832_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5832-16p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5816-16p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5816_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5816-16p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5424-24p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5424_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5424-24p-4ks2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:dahuasecurity:nvr5224-24p-4ks2_firmware:*:*:*:*:*:*:*:* 1 OR dh_nvr5224_eng_p_v2.616.0000.0.r.20171102
cpe:2.3:h:dahuasecurity:nvr5224-24p-4ks2:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.8
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html Issue Tracking Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2017-9314
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9314
History
Created Old Value New Value Data Type Notes
2022-05-10 08:10:24 Added to TrackCVE
2022-12-02 22:58:20 2017-11-13T16:29Z 2017-11-13T16:29:00 CVE Published Date updated
2022-12-02 22:58:20 2017-11-29T18:53:03 CVE Modified Date updated
2022-12-02 22:58:20 Analyzed Vulnerability Status updated