CVE-2017-9314

high-risk
Published 2017-11-13

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.

Do I need to act?

-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Nvr5464-16P-4Ks2 Firmware
Nvr5432-16P-4Ks2 Firmware
Nvr5416-16P-4Ks2 Firmware
Nvr5464-4Ks2 Firmware
Nvr5416-4Ks2 Firmware
Nvr5232-8P-4Ks2 Firmware
Nvr5208-4Ks2 Firmware
Nvr5832-4Ks2 Firmware
Nvr5832-16P-4Ks2 Firmware
Nvr5816-16P-4Ks2 Firmware
Nvr5224-24P-4Ks2 Firmware
Nvr5208-8P-4Ks2 Firmware
Nvr5432-4Ks2 Firmware
Nvr5232-16P-4Ks2 Firmware
Nvr5216-16P-4Ks2 Firmware
Nvr5216-8P-4Ks2 Firmware
Nvr5232-4Ks2 Firmware
Nvr5216-4Ks2 Firmware
Nvr5816-4Ks2 Firmware
Nvr5864-4Ks2 Firmware

Affected Vendors

Dahuasecurity

References (2)

Issue Tracking http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication...
Issue Tracking http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication...
51
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 20/34 · Moderate