CVE-2013-3614

Dahua DVR - Weak Password Length Limit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3614.

AI-analyzed exploit summary: This is a functional Metasploit auxiliary module that exploits an authentication bypass vulnerability in Dahua DVR devices. It demonstrates the ability to retrieve sensitive information, reset passwords, and clear logs without authentication by sending crafted binary protocol commands to TCP port 37777.

Description

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.

Exploits (1)

exploitdb WORKING POC
webapps, hardware
https://www.exploit-db.com/exploits/29673

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Dahua web-enabled DVRs (v2.608.0000.0 and 2.608.GV00.0)
No auth needed
Prerequisites: Network access to the target device on TCP port 37777
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/800094

Scores

EPSS 0.0704
EPSS Percentile 93.4%

Details

CWE: CWE-264
Status: published
Products (50)
dahuasecurity/dvr0404hd-a
dahuasecurity/dvr0404hd-l
dahuasecurity/dvr0404hd-s
dahuasecurity/dvr0404hd-u
dahuasecurity/dvr0404hf-a-e
dahuasecurity/dvr0404hf-al-e
dahuasecurity/dvr0404hf-s-e
dahuasecurity/dvr0404hf-u-e
dahuasecurity/dvr0804
dahuasecurity/dvr0804hd-l
... and 40 more
Published Sep 17, 2013
Tracked Since Feb 18, 2026