Vulnerabilities > CVE-2013-3612 - Credentials Management vulnerability in Dahuasecurity products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

dahuasecurity

CWE-255

exploit available

NVD

Published: 2013-09-17

Updated: 2024-11-21

Summary

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

Vulnerable Configurations

Part	Description	Count
Hardware	Dahuasecurity Dahuasecurity Dvr2104H - Dahuasecurity Dvr0404Hd A - Dahuasecurity Dvr1604Hd L - Dahuasecurity Dvr2104Hc - Dahuasecurity Dvr5216A - Dahuasecurity Dvr5104He - Dahuasecurity Dvr3204Lf AL - Dahuasecurity Dvr5204A - Dahuasecurity Dvr3204Hf S - Dahuasecurity Dvr0404Hd S - Dahuasecurity Dvr0804 - Dahuasecurity Dvr5104H - Dahuasecurity Dvr5804 - Dahuasecurity Dvr2116H - Dahuasecurity Dvr2404Lf AL - Dahuasecurity Dvr2404Hf S - Dahuasecurity Dvr3232L - Dahuasecurity Dvr5116He - Dahuasecurity Dvr0804Hf U E - Dahuasecurity Dvr0804Hd L - Dahuasecurity Dvr5116H - Dahuasecurity Dvr5108He - Dahuasecurity Dvr2108H - Dahuasecurity Dvr0804Hf S E - Dahuasecurity Dvr0804Hf L E - Dahuasecurity Dvr5408 - Dahuasecurity Dvr5816 - Dahuasecurity Dvr2104He - Dahuasecurity Dvr5208A - Dahuasecurity Dvr2404Lf S - Dahuasecurity Dvr0404Hd L - Dahuasecurity Dvr0404Hf U E - Dahuasecurity Dvr5108H - Dahuasecurity Dvr2104C - Dahuasecurity Dvr5216L - Dahuasecurity Dvr0404Hf A E - Dahuasecurity Dvr2108He - Dahuasecurity Dvr5204L - Dahuasecurity Dvr5104C - Dahuasecurity Dvr2108Hc - Dahuasecurity Dvr2108C - Dahuasecurity Dvr1604Hf U E - Dahuasecurity Dvr0804Hf A E - Dahuasecurity Dvr6404Lf S - Dahuasecurity Dvr1604Hf S E - Dahuasecurity Dvr3204Lf S - Dahuasecurity Dvr0804Hd S - Dahuasecurity Dvr0404Hf AL E - Dahuasecurity Dvr5404 - Dahuasecurity Dvr1604Hf L E - Dahuasecurity Dvr5116C - Dahuasecurity Dvr1604Hf AL E - Dahuasecurity Dvr0404Hd U - Dahuasecurity Dvr3224L - Dahuasecurity Dvr5416 - Dahuasecurity Dvr1604Hf A E - Dahuasecurity Dvr0804Hf AL E - Dahuasecurity Dvr1604Hd S - Dahuasecurity Dvr2116C - Dahuasecurity Dvr5808 - Dahuasecurity Dvr5208L - Dahuasecurity Dvr0404Hf S E - Dahuasecurity Dvr5108C - Dahuasecurity Dvr2116Hc - Dahuasecurity Dvr2116He -	65

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass. CVE-2013-3612,CVE-2013-3613,CVE-2013-3614,CVE-2013-3615,CVE-2013-6117. Webapps exploit for h...
file	exploits/hardware/webapps/29673.txt
id	EDB-ID:29673
last seen	2016-02-03
modified	2013-11-18
platform	hardware
port	37777
published	2013-11-18
reporter	Jake Reynolds
source	https://www.exploit-db.com/download/29673/
title	Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass
type	webapps

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:83161
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-83161
title	Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Seebug

References