Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MISC:DAHUA-IP-CAME-IN-DISC |
|---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Dahua IP Camera Username and Password Disclosure |
Release Date |
2018/10/31 |
Update Number |
3114 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Dahua IP Camera Username and Password Disclosure
This signature detects attempts to exploit a known vulnerability in Dahua IP Camera. A successful attack can lead to unauthorized information disclosure.
Extended Description
The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117.
Affected Products
- Dahuasecurity camera_firmware 2.400.0000.28.r
- Dahuasecurity nvr_firmware 3.210.0001.10
- Dahuasecurity smartpss_firmware 1.16.1
References
- BugTraq: 96449
- CVE: CVE-2017-6343