CVE-2017-9314

HIGH

Dahua NVR <DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102 - Auth Bypass

Title source: llm

Description

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.

References (1)

Core 1

Core References

Issue Tracking, Vendor Advisory x_refsource_confirm

http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html

Scores

CVSS v3 8.8

EPSS 0.0093

EPSS Percentile 56.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (23)

Dahua Technologies/NVR50XX, VR52XX, VR54XX, VR58XX Versions Build between 2013 and 2017/10

dahuasecurity/nvr5208-4ks2_firmware < dh_nvr5208_eng_p_v2.616.0000.0.r.20171102

dahuasecurity/nvr5208-8p-4ks2_firmware < dh_nvr5208_eng_p_v2.616.0000.0.r.20171102

dahuasecurity/nvr5216-16p-4ks2_firmware < dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

dahuasecurity/nvr5216-4ks2_firmware < dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

dahuasecurity/nvr5216-8p-4ks2_firmware < dh_nvr5216_eng_p_v2.616.0000.0.r.20171102

dahuasecurity/nvr5224-24p-4ks2_firmware < dh_nvr5224_eng_p_v2.616.0000.0.r.20171102

dahuasecurity/nvr5232-16p-4ks2_firmware < dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

dahuasecurity/nvr5232-4ks2_firmware < dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

dahuasecurity/nvr5232-8p-4ks2_firmware < dh_nvr5232_eng_p_v2.616.0000.0.r.20171102

... and 13 more

Published Nov 13, 2017

Tracked Since Feb 18, 2026