Vulnerability Description
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps:

1. Use the default low-privilege credentials to list all users via a request to a certain URI.
2. Log in to the IP camera with admin credentials so as to obtain full control of the target IP camera.

During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Ip Camera Firmware | 3.200.0001.6 |
| Dahuasecurity | Ip Camera | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97263 (Third Party Advisory, VDB Entry)
- https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02 (Exploit, Third Party Advisory)
FAQ
What is CVE-2017-7253?
CVE-2017-7253 is a vulnerability with a CVSS score of 8.8 (HIGH). Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with adm...
How severe is CVE-2017-7253?
CVE-2017-7253 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-7253?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ip Camera Firmware, Dahuasecurity Ip Camera.