Vulnerability Description
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Xvr5X16 Firmware | < 3.218.0000002.1.r.171229 |
| Dahuasecurity | Xvr5X16 | - |
| Dahuasecurity | Xvr5X08 Firmware | < 3.218.0000002.1.r.171229 |
| Dahuasecurity | Xvr5X08 | - |
| Dahuasecurity | Xvr5X04 Firmware | < 3.218.0000002.1.r.171229 |
| Dahuasecurity | Xvr5X04 | - |
| Dahuasecurity | Xvr7X16 Firmware | < 3.218.0000002.1.r.171229 |
| Dahuasecurity | Xvr7X16 | - |
| Dahuasecurity | Ipc-Hdbw4Xxx Firmware | < 2.622.0000000.18.r.20171110 |
| Dahuasecurity | Ipc-Hdbw4Xxx | - |
| Dahuasecurity | Ipc-Hdbw5Xxx Firmware | < 2.622.0000000.18.r.20171110 |
| Dahuasecurity | Ipc-Hdbw5Xxx | - |
References
- https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337PatchVendor Advisory
- https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337PatchVendor Advisory
FAQ
What is CVE-2017-9317?
CVE-2017-9317 is a vulnerability with a CVSS score of 8.8 (HIGH). Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtai...
How severe is CVE-2017-9317?
CVE-2017-9317 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9317?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Xvr5X16 Firmware, Dahuasecurity Xvr5X16, Dahuasecurity Xvr5X08 Firmware, Dahuasecurity Xvr5X08, Dahuasecurity Xvr5X04 Firmware.