Vulnerabilities > Dahuasecurity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-24 | CVE-2017-3223 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dahuasecurity IP Camera Firmware 2.400.0000.14.R.20170713/3.200.0001.6 Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. | 9.8 |
| 2018-05-23 | CVE-2017-9317 | Unspecified vulnerability in Dahuasecurity products Privilege escalation vulnerability found in some Dahua IP devices. | 8.8 |
| 2017-11-28 | CVE-2017-9315 | Unspecified vulnerability in Dahuasecurity products Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. | 9.8 |
| 2017-11-27 | CVE-2017-9316 | Improper Authentication vulnerability in Dahuasecurity products Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. | 6.5 |
| 2017-11-13 | CVE-2017-9314 | Improper Authentication vulnerability in Dahuasecurity products Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. | 8.8 |
| 2017-05-06 | CVE-2017-7927 | Use of Hard-coded Credentials vulnerability in Dahuasecurity products A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. | 7.3 |
| 2017-05-06 | CVE-2017-7925 | Insufficiently Protected Credentials vulnerability in Dahuasecurity products A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. | 9.8 |
| 2017-03-30 | CVE-2017-7253 | Insecure Storage of Sensitive Information vulnerability in Dahuasecurity IP Camera Firmware 3.200.0001.6 Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. | 8.8 |
| 2017-03-09 | CVE-2017-6432 | Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity NVR Firmware 3.210.0001.10 An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. | 8.1 |
| 2017-02-27 | CVE-2017-6343 | Improper Authentication vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. | 8.1 |