CVE-2017-9317

moderate-risk
Published 2018-05-23

Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.

Do I need to act?

-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (6)

Xvr5X16 Firmware
Xvr5X08 Firmware
Xvr5X04 Firmware
Xvr7X16 Firmware
Ipc-Hdbw4Xxx Firmware
Ipc-Hdbw5Xxx Firmware

Affected Vendors

Dahuasecurity

References (2)

Patch https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337
Patch https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337
44
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 13/34 · Low