Home / Early Warning / Vulnerabilidades / CVE-2013-5754

CVE-2013-5754

Type: 
Permissions, Privileges, and Access Control
Severity: 
High
Publication date: 
09/17/2013
Last modified: 
09/25/2013
Description
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability
Vulnerable software and versions
  • cpe:2.3:h:dahuasecurity:dvr6404lf-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5816:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5808:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5804:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5416:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5408:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5404:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5216l:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5216a:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5208l:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5208a:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5204l:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5204a:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5116he:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5116h:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5116c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5108he:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5108h:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5108c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5104he:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5104h:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr5104c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr3232l:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr3224l:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr3204lf-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr3204lf-al:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr3204hf-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2404lf-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2404lf-al:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2404hf-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2116he:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2116hc:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2116h:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2116c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2108he:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2108hc:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2108h:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2108c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2104he:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2104hc:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2104h:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr2104c:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr1604hf-u-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr1604hf-s-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr1604hf-l-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr1604hf-al-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr1604hf-a-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr1604hd-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr1604hd-l:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0804hf-u-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields