CVE-2013-3620

Current Description

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

Basic Data

PublishedSeptember 17, 2013
Last ModifiedSeptember 17, 2013
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-255
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareDahuasecurityDvr0404hd-a-*******
    2.3HardwareDahuasecurityDvr0404hd-l-*******
    2.3HardwareDahuasecurityDvr0404hd-s-*******
    2.3HardwareDahuasecurityDvr0404hd-u-*******
    2.3HardwareDahuasecurityDvr0404hf-a-e-*******
    2.3HardwareDahuasecurityDvr0404hf-al-e-*******
    2.3HardwareDahuasecurityDvr0404hf-s-e-*******
    2.3HardwareDahuasecurityDvr0404hf-u-e-*******
    2.3HardwareDahuasecurityDvr0804-*******
    2.3HardwareDahuasecurityDvr0804hd-l-*******
    2.3HardwareDahuasecurityDvr0804hd-s-*******
    2.3HardwareDahuasecurityDvr0804hf-a-e-*******
    2.3HardwareDahuasecurityDvr0804hf-al-e-*******
    2.3HardwareDahuasecurityDvr0804hf-l-e-*******
    2.3HardwareDahuasecurityDvr0804hf-s-e-*******
    2.3HardwareDahuasecurityDvr0804hf-u-e-*******
    2.3HardwareDahuasecurityDvr1604hd-l-*******
    2.3HardwareDahuasecurityDvr1604hd-s-*******
    2.3HardwareDahuasecurityDvr1604hf-a-e-*******
    2.3HardwareDahuasecurityDvr1604hf-al-e-*******
    2.3HardwareDahuasecurityDvr1604hf-l-e-*******
    2.3HardwareDahuasecurityDvr1604hf-s-e-*******
    2.3HardwareDahuasecurityDvr1604hf-u-e-*******
    2.3HardwareDahuasecurityDvr2104c-*******
    2.3HardwareDahuasecurityDvr2104h-*******
    2.3HardwareDahuasecurityDvr2104hc-*******
    2.3HardwareDahuasecurityDvr2104he-*******
    2.3HardwareDahuasecurityDvr2108c-*******
    2.3HardwareDahuasecurityDvr2108h-*******
    2.3HardwareDahuasecurityDvr2108hc-*******
    2.3HardwareDahuasecurityDvr2108he-*******
    2.3HardwareDahuasecurityDvr2116c-*******
    2.3HardwareDahuasecurityDvr2116h-*******
    2.3HardwareDahuasecurityDvr2116hc-*******
    2.3HardwareDahuasecurityDvr2116he-*******
    2.3HardwareDahuasecurityDvr2404hf-s-*******
    2.3HardwareDahuasecurityDvr2404lf-al-*******
    2.3HardwareDahuasecurityDvr2404lf-s-*******
    2.3HardwareDahuasecurityDvr3204hf-s-*******
    2.3HardwareDahuasecurityDvr3204lf-al-*******
    2.3HardwareDahuasecurityDvr3204lf-s-*******
    2.3HardwareDahuasecurityDvr3224l-*******
    2.3HardwareDahuasecurityDvr3232l-*******
    2.3HardwareDahuasecurityDvr5104c-*******
    2.3HardwareDahuasecurityDvr5104h-*******
    2.3HardwareDahuasecurityDvr5104he-*******
    2.3HardwareDahuasecurityDvr5108c-*******
    2.3HardwareDahuasecurityDvr5108h-*******
    2.3HardwareDahuasecurityDvr5108he-*******
    2.3HardwareDahuasecurityDvr5116c-*******
    2.3HardwareDahuasecurityDvr5116h-*******
    2.3HardwareDahuasecurityDvr5116he-*******
    2.3HardwareDahuasecurityDvr5204a-*******
    2.3HardwareDahuasecurityDvr5204l-*******
    2.3HardwareDahuasecurityDvr5208a-*******
    2.3HardwareDahuasecurityDvr5208l-*******
    2.3HardwareDahuasecurityDvr5216a-*******
    2.3HardwareDahuasecurityDvr5216l-*******
    2.3HardwareDahuasecurityDvr5404-*******
    2.3HardwareDahuasecurityDvr5408-*******
    2.3HardwareDahuasecurityDvr5416-*******
    2.3HardwareDahuasecurityDvr5804-*******
    2.3HardwareDahuasecurityDvr5808-*******
    2.3HardwareDahuasecurityDvr5816-*******
    2.3HardwareDahuasecurityDvr6404lf-s-*******

Vulnerable Software List

VendorProductVersions
Dahuasecurity Dvr5116h -
Dahuasecurity Dvr5116he -
Dahuasecurity Dvr5204a -
Dahuasecurity Dvr5204l -
Dahuasecurity Dvr5208a -
Dahuasecurity Dvr5208l -
Dahuasecurity Dvr5216a -
Dahuasecurity Dvr5216l -
Dahuasecurity Dvr5404 -
Dahuasecurity Dvr5408 -
Dahuasecurity Dvr5416 -
Dahuasecurity Dvr5804 -
Dahuasecurity Dvr5808 -
Dahuasecurity Dvr5816 -
Dahuasecurity Dvr6404lf-s -
Dahuasecurity Dvr0404hd-a -
Dahuasecurity Dvr0404hd-l -
Dahuasecurity Dvr0404hd-s -
Dahuasecurity Dvr0404hd-u -
Dahuasecurity Dvr0404hf-a-e -
Dahuasecurity Dvr0404hf-al-e -
Dahuasecurity Dvr0404hf-s-e -
Dahuasecurity Dvr0404hf-u-e -
Dahuasecurity Dvr0804 -
Dahuasecurity Dvr0804hd-l -
Dahuasecurity Dvr0804hd-s -
Dahuasecurity Dvr0804hf-a-e -
Dahuasecurity Dvr0804hf-al-e -
Dahuasecurity Dvr0804hf-l-e -
Dahuasecurity Dvr0804hf-s-e -
Dahuasecurity Dvr0804hf-u-e -
Dahuasecurity Dvr1604hd-l -
Dahuasecurity Dvr1604hd-s -
Dahuasecurity Dvr1604hf-a-e -
Dahuasecurity Dvr1604hf-al-e -
Dahuasecurity Dvr1604hf-l-e -
Dahuasecurity Dvr1604hf-s-e -
Dahuasecurity Dvr1604hf-u-e -
Dahuasecurity Dvr2104c -
Dahuasecurity Dvr2104h -
Dahuasecurity Dvr2104hc -
Dahuasecurity Dvr2104he -
Dahuasecurity Dvr2108c -
Dahuasecurity Dvr2108h -
Dahuasecurity Dvr2108hc -
Dahuasecurity Dvr2108he -
Dahuasecurity Dvr2116c -
Dahuasecurity Dvr2116h -
Dahuasecurity Dvr2116hc -
Dahuasecurity Dvr2116he -
Dahuasecurity Dvr2404hf-s -
Dahuasecurity Dvr2404lf-al -
Dahuasecurity Dvr2404lf-s -
Dahuasecurity Dvr3204hf-s -
Dahuasecurity Dvr3204lf-al -
Dahuasecurity Dvr3204lf-s -
Dahuasecurity Dvr3224l -
Dahuasecurity Dvr3232l -
Dahuasecurity Dvr5104c -
Dahuasecurity Dvr5104h -
Dahuasecurity Dvr5104he -
Dahuasecurity Dvr5108c -
Dahuasecurity Dvr5108h -
Dahuasecurity Dvr5108he -
Dahuasecurity Dvr5116c -

References

NameSourceURLTags
VU#800094http://www.kb.cert.org/vuls/id/800094CERT-VNUS Government Resource