CVE-2017-9314 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2017-9314?

CVE-2017-9314 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-9314?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Nvr5464-16P-4Ks2 Firmware, Dahuasecurity Nvr5464-16P-4Ks2, Dahuasecurity Nvr5208-8P-4Ks2 Firmware, Dahuasecurity Nvr5208-8P-4Ks2, Dahuasecurity Nvr5432-16P-4Ks2 Firmware.

Vulnerability Description

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dahuasecurity	Nvr5464-16P-4Ks2 Firmware	< dh_nvr5464_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5464-16P-4Ks2	-
Dahuasecurity	Nvr5208-8P-4Ks2 Firmware	< dh_nvr5208_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5208-8P-4Ks2	-
Dahuasecurity	Nvr5432-16P-4Ks2 Firmware	< dh_nvr5432_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5432-16P-4Ks2	-
Dahuasecurity	Nvr5416-16P-4Ks2 Firmware	< dh_nvr5416_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5416-16P-4Ks2	-
Dahuasecurity	Nvr5464-4Ks2 Firmware	< dh_nvr5464_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5464-4Ks2	-
Dahuasecurity	Nvr5432-4Ks2 Firmware	< dh_nvr5432_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5432-4Ks2	-
Dahuasecurity	Nvr5416-4Ks2 Firmware	< dh_nvr5416_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5416-4Ks2	-
Dahuasecurity	Nvr5232-16P-4Ks2 Firmware	< dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5232-16P-4Ks2	-
Dahuasecurity	Nvr5216-16P-4Ks2 Firmware	< dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5216-16P-4Ks2	-
Dahuasecurity	Nvr5232-8P-4Ks2 Firmware	< dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5232-8P-4Ks2	-

Related Weaknesses (CWE)

CWE-287

References

http://www.dahuasecurity.com/annoucementsingle/security-advisory--authenticationIssue TrackingVendor Advisory
http://www.dahuasecurity.com/annoucementsingle/security-advisory--authenticationIssue TrackingVendor Advisory

FAQ

What is CVE-2017-9314?

CVE-2017-9314 is a vulnerability with a CVSS score of 8.8 (HIGH). Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to g...

How severe is CVE-2017-9314?

CVE-2017-9314 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-9314?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Nvr5464-16P-4Ks2 Firmware, Dahuasecurity Nvr5464-16P-4Ks2, Dahuasecurity Nvr5208-8P-4Ks2 Firmware, Dahuasecurity Nvr5208-8P-4Ks2, Dahuasecurity Nvr5432-16P-4Ks2 Firmware.