CVE-2013-6117

EXPLOITED

Dahuasecurity Dvr Firmware - Authentication Bypass

Title source: rule

Description

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

Exploits (3)

nomisec WORKING POC 8 stars

by milo2012 · remote

https://github.com/milo2012/CVE-2013-6117

View Code ZIP pw:eip

metasploit WORKING POC

by Tyler Bennett - Talos Consulting, Jake Reynolds - Depth Security · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass.rb

View Code ZIP pw:eip

exploitdb WORKING POC

by Jake Reynolds · textwebappshardware

https://www.exploit-db.com/exploits/29673

View Code ZIP pw:eip

References (5)

[Various Sources] http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html

[Mailing List] http://seclists.org/bugtraq/2013/Nov/62

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/29673

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html

[Third Party Advisory, VDB Entry] http://www.osvdb.org/99783

Scores

EPSS 0.8973

EPSS Percentile 99.6%

Exploitation Intel

VulnCheck KEV 2025-02-27

Classification

CWE

CWE-287

Status draft

Affected Products (2)

dahuasecurity/dvr_firmware

Timeline

Published Jul 11, 2014

Tracked Since Feb 18, 2026