Vulnerabilities > Dahuasecurity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-30 | CVE-2017-7253 | Insecure Storage of Sensitive Information vulnerability in Dahuasecurity IP Camera Firmware 3.200.0001.6 Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. | 9.0 |
| 2017-03-09 | CVE-2017-6432 | Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity NVR Firmware 3.210.0001.10 An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. | 9.3 |
| 2017-02-27 | CVE-2017-6343 | Improper Authentication vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. | 9.3 |
| 2017-02-27 | CVE-2017-6342 | Improper Privilege Management vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. | 10.0 |
| 2017-02-27 | CVE-2017-6341 | Cleartext Transmission of Sensitive Information vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. | 4.3 |
| 2014-07-11 | CVE-2013-6117 | Improper Authentication vulnerability in Dahuasecurity DVR Firmware 2.608.0000.0/2.608.Gv00.0 Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777. | 7.5 |
| 2013-09-17 | CVE-2013-5754 | Permissions, Privileges, and Access Controls vulnerability in Dahuasecurity products The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612. | 10.0 |
| 2013-09-17 | CVE-2013-3615 | Credentials Management vulnerability in Dahuasecurity products Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack. | 7.8 |
| 2013-09-17 | CVE-2013-3614 | Permissions, Privileges, and Access Controls vulnerability in Dahuasecurity products Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.3 |
| 2013-09-17 | CVE-2013-3613 | Improper Authentication vulnerability in Dahuasecurity products Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. | 7.8 |