Vulnerabilities > Dahuasecurity > Dvr3204Hf S > Critical

DATE CVE VULNERABILITY TITLE RISK
2013-09-17 CVE-2013-3612 Credentials Management vulnerability in Dahuasecurity products
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
network
low complexity
dahuasecurity CWE-255
critical
10.0
2013-09-17 CVE-2013-3614 Permissions, Privileges, and Access Controls vulnerability in Dahuasecurity products
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
network
dahuasecurity CWE-264
critical
9.3
2013-09-17 CVE-2013-5754 Permissions, Privileges, and Access Controls vulnerability in Dahuasecurity products
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
network
low complexity
dahuasecurity CWE-264
critical
10.0