CVE-2017-9316
MEDIUMDahua NVR11HS and IPC-HDW4300S Firmware - Authentication Bypass via Debug Function
Title source: llmDescription
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html
Scores
CVSS v3
6.5
EPSS
0.0189
EPSS Percentile
77.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Details
CWE
CWE-287
Status
published
Products (34)
Dahua Technologies/IPC-HDW4300S\NVR11HS\IPC-HFW4X00\IPC-HDW4X00\IPC-HDBW4X00\IPC-HF5X00\IPC-HFW5X00\IPC-HDW5X00\IPC-HDBW5X00\NVR11HS
References are as :http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulne
dahuasecurity/ipc-hdbw4x00_firmware
2.400.0000.3.r.20150312
dahuasecurity/ipc-hdbw4x00_firmware
2.420.0006.0.r.20150311
dahuasecurity/ipc-hdbw5x00_firmware
2.400.0000.3.r.20150312
dahuasecurity/ipc-hdbw5x00_firmware
2.420.0006.0.r.20150311
dahuasecurity/ipc-hdw4300s_firmware
2.240.0009.0.r.20131015
dahuasecurity/ipc-hdw4300s_firmware
2.400.0000.0.r.20131231
dahuasecurity/ipc-hdw4300s_firmware
2.420.0000.0.r.20140419
dahuasecurity/ipc-hdw4300s_firmware
2.420.0002.0.r.20140621
dahuasecurity/ipc-hdw4300s_firmware
2.420.0002.0.r.20140724
... and 24 more
Published
Nov 27, 2017
Tracked Since
Feb 18, 2026