CVE-2013-3612
Dahua DVR - Hardcoded Password for Root and Backdoor Accounts
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-3612.
AI-analyzed exploit summary
The provided code is a Metasploit module that exploits an authentication bypass vulnerability in Dahua DVR devices. It demonstrates the ability to retrieve sensitive information, reset user passwords, and clear logs without authentication by sending crafted binary protocol commands to TCP port 37777.
Description
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.