Vulnerability Description
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Dvr0404Hd-A | - |
| Dahuasecurity | Dvr0404Hd-L | - |
| Dahuasecurity | Dvr0404Hd-S | - |
| Dahuasecurity | Dvr0404Hd-U | - |
| Dahuasecurity | Dvr0404Hf-A-E | - |
| Dahuasecurity | Dvr0404Hf-Al-E | - |
| Dahuasecurity | Dvr0404Hf-S-E | - |
| Dahuasecurity | Dvr0404Hf-U-E | - |
| Dahuasecurity | Dvr0804 | - |
| Dahuasecurity | Dvr0804Hd-L | - |
| Dahuasecurity | Dvr0804Hd-S | - |
| Dahuasecurity | Dvr0804Hf-A-E | - |
| Dahuasecurity | Dvr0804Hf-Al-E | - |
| Dahuasecurity | Dvr0804Hf-L-E | - |
| Dahuasecurity | Dvr0804Hf-S-E | - |
| Dahuasecurity | Dvr0804Hf-U-E | - |
| Dahuasecurity | Dvr1604Hd-L | - |
| Dahuasecurity | Dvr1604Hd-S | - |
| Dahuasecurity | Dvr1604Hf-A-E | - |
| Dahuasecurity | Dvr1604Hf-Al-E | - |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/800094US Government Resource
- http://www.kb.cert.org/vuls/id/800094US Government Resource
FAQ
What is CVE-2013-3612?
CVE-2013-3612 is a vulnerability with a CVSS score of 10.0 (HIGH). Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via author...
How severe is CVE-2013-3612?
CVE-2013-3612 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3612?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Dvr0404Hd-A, Dahuasecurity Dvr0404Hd-L, Dahuasecurity Dvr0404Hd-S, Dahuasecurity Dvr0404Hd-U, Dahuasecurity Dvr0404Hf-A-E.