CVE-2017-7925 — CRITICAL (9.8)

Vulnerability Description

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dahuasecurity	Dh-Ipc-Hdbw23A0Rn-Zs Firmware	-
Dahuasecurity	Dh-Ipc-Hdbw23A0Rn-Zs	-
Dahuasecurity	Dh-Ipc-Hdbw13A0Sn Firmware	-
Dahuasecurity	Dh-Ipc-Hdbw13A0Sn	-
Dahuasecurity	Dh-Ipc-Hdw1Xxx Firmware	-
Dahuasecurity	Dh-Ipc-Hdw1Xxx	-
Dahuasecurity	Dh-Ipc-Hdw2Xxx Firmware	-
Dahuasecurity	Dh-Ipc-Hdw2Xxx	-
Dahuasecurity	Dh-Ipc-Hdw4Xxx Firmware	-
Dahuasecurity	Dh-Ipc-Hdw4Xxx	-
Dahuasecurity	Dh-Ipc-Hfw1Xxx Firmware	-
Dahuasecurity	Dh-Ipc-Hfw1Xxx	-
Dahuasecurity	Dh-Ipc-Hfw2Xxx Firmware	-
Dahuasecurity	Dh-Ipc-Hfw2Xxx	-
Dahuasecurity	Dh-Ipc-Hfw4Xxx Firmware	-
Dahuasecurity	Dh-Ipc-Hfw4Xxx	-
Dahuasecurity	Dh-Sd6Cxx Firmware	-
Dahuasecurity	Dh-Sd6Cxx	-
Dahuasecurity	Dh-Nvr1Xxx Firmware	-
Dahuasecurity	Dh-Nvr1Xxx	-

Related Weaknesses (CWE)

CWE-260 CWE-522

References

http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.phpPatchVendor Advisory
http://www.securityfocus.com/bid/98312Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02MitigationThird Party AdvisoryUS Government Resource
http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.phpPatchVendor Advisory
http://www.securityfocus.com/bid/98312Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-7925?

CVE-2017-7925 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, ...

How severe is CVE-2017-7925?

CVE-2017-7925 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-7925?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Dh-Ipc-Hdbw23A0Rn-Zs Firmware, Dahuasecurity Dh-Ipc-Hdbw23A0Rn-Zs, Dahuasecurity Dh-Ipc-Hdbw13A0Sn Firmware, Dahuasecurity Dh-Ipc-Hdbw13A0Sn, Dahuasecurity Dh-Ipc-Hdw1Xxx Firmware.