CVE-2017-9316

moderate-risk
Published 2017-11-27

Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / HIGH complexity

Affected Products (20)

Nvr11Hs Firmware
Nvr11Hs Firmware
Nvr11Hs Firmware
Nvr11Hs Firmware
Nvr11Hs Firmware
Nvr11Hs Firmware
Nvr11Hs Firmware
Ipc-Hdw4300S Firmware
Ipc-Hdw4300S Firmware
Ipc-Hdw4300S Firmware
Ipc-Hfw4X00 Firmware
Ipc-Hdbw4X00 Firmware
Ipc-Hf5X00 Firmware
Ipc-Hfw5X00 Firmware
Ipc-Hfw5X00 Firmware
Ipc-Hdw5X00 Firmware
Ipc-Hdbw5X00 Firmware
Nvr11Hs Firmware
Nvr11Hs Firmware
Nvr11Hs Firmware

Affected Vendors

Dahuasecurity

References (2)

Patch http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vuln...
Patch http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vuln...
48
/ 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 5/34 · Minimal
Exposure 23/34 · High