CVE-2013-6117

EXPLOITED

Dahuasecurity Dvr Firmware - Authentication Bypass

Title source: rule

Description

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

Exploits (3)

exploitdb WORKING POC

by Jake Reynolds · textwebappshardware

https://www.exploit-db.com/exploits/29673

View Code ZIP pw:eip

nomisec WORKING POC 8 stars

by milo2012 · remote

https://github.com/milo2012/CVE-2013-6117

View Code ZIP pw:eip

metasploit WORKING POC

by Tyler Bennett - Talos Consulting, Jake Reynolds - Depth Security · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/misc/dahua_dvr_auth_bypass.rb

View Code ZIP pw:eip

References (5)

Core 5

Core References

Various Sources x_refsource_misc

http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html

Mailing List mailing-list x_refsource_bugtraq

http://seclists.org/bugtraq/2013/Nov/62

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/99783

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/29673

Scores

EPSS 0.8973

EPSS Percentile 99.6%

Details

VulnCheck KEV 2025-02-27

CWE

CWE-287

Status published

Products (2)

dahuasecurity/dvr_firmware 2.608.0000.0

dahuasecurity/dvr_firmware 2.608.gv00.0

Published Jul 11, 2014

Tracked Since Feb 18, 2026