Dahua DVR 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass (Metasploit)

CVE编号

CVE-2013-3612

利用情况

暂无

补丁情况

N/A

披露时间

2013-09-18

漏洞描述

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://www.kb.cert.org/vuls/id/800094

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	硬件	dahuasecurity	dvr0404hd-a	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0404hd-l	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0404hd-s	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0404hd-u	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0404hf-a-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0404hf-al-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0404hf-s-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0404hf-u-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0804	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0804hd-l	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0804hd-s	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0804hf-a-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0804hf-al-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0804hf-l-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0804hf-s-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr0804hf-u-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr1604hd-l	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr1604hd-s	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr1604hf-a-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr1604hf-al-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr1604hf-l-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr1604hf-s-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr1604hf-u-e	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr2104c	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr2104h	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr2104hc	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr2104he	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr2108c	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr2108h	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr2108hc	-	-
	运行在以下环境
	硬件	dahuasecurity	dvr2108he	-	-
	运行在以下环境
硬件	dahuasecurity	dvr2116c	-	-
运行在以下环境
硬件	dahuasecurity	dvr2116h	-	-
运行在以下环境
硬件	dahuasecurity	dvr2116hc	-	-
运行在以下环境
硬件	dahuasecurity	dvr2116he	-	-
运行在以下环境
硬件	dahuasecurity	dvr2404hf-s	-	-
运行在以下环境
硬件	dahuasecurity	dvr2404lf-al	-	-
运行在以下环境
硬件	dahuasecurity	dvr2404lf-s	-	-
运行在以下环境
硬件	dahuasecurity	dvr3204hf-s	-	-
运行在以下环境
硬件	dahuasecurity	dvr3204lf-al	-	-
运行在以下环境
硬件	dahuasecurity	dvr3204lf-s	-	-
运行在以下环境
硬件	dahuasecurity	dvr3224l	-	-
运行在以下环境
硬件	dahuasecurity	dvr3232l	-	-
运行在以下环境
硬件	dahuasecurity	dvr5104c	-	-
运行在以下环境
硬件	dahuasecurity	dvr5104h	-	-
运行在以下环境
硬件	dahuasecurity	dvr5104he	-	-
运行在以下环境
硬件	dahuasecurity	dvr5108c	-	-
运行在以下环境
硬件	dahuasecurity	dvr5108h	-	-
运行在以下环境
硬件	dahuasecurity	dvr5108he	-	-
运行在以下环境
硬件	dahuasecurity	dvr5116c	-	-
运行在以下环境
硬件	dahuasecurity	dvr5116h	-	-
运行在以下环境
硬件	dahuasecurity	dvr5116he	-	-
运行在以下环境
硬件	dahuasecurity	dvr5204a	-	-
运行在以下环境
硬件	dahuasecurity	dvr5204l	-	-
运行在以下环境
硬件	dahuasecurity	dvr5208a	-	-
运行在以下环境
硬件	dahuasecurity	dvr5208l	-	-
运行在以下环境
硬件	dahuasecurity	dvr5216a	-	-
运行在以下环境
硬件	dahuasecurity	dvr5216l	-	-
运行在以下环境
硬件	dahuasecurity	dvr5404	-	-
运行在以下环境
硬件	dahuasecurity	dvr5408	-	-
运行在以下环境
硬件	dahuasecurity	dvr5416	-	-
运行在以下环境
硬件	dahuasecurity	dvr5804	-	-
运行在以下环境
硬件	dahuasecurity	dvr5808	-	-
运行在以下环境
硬件	dahuasecurity	dvr5816	-	-
运行在以下环境
硬件	dahuasecurity	dvr6404lf-s	-	-

CVSS3评分 10.0

• 攻击路径 网络
• 攻击复杂度 低
• 权限要求 无
• 影响范围 N/A
• 用户交互 无
• 可用性 完全地
• 保密性 完全地
• 完整性 完全地

AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-ID	漏洞类型

Exp相关链接

• https://www.exploit-db.com/exploits/29673

- avd.aliyun.com