CVE-2017-9316
CVSS 5.8
Published: 2017-11-27 12:29:00
Last modified: 2017-12-20 15:40:59

[Original] Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.


[CNNVD] CNNVD data not yet available.


[Machine translation] Translation not yet available.

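- CVSS (Base Score)

CVSS score: 5.8 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-287 [Improper Authentication]

- CPE (Affected Platforms and Products)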

cpe:/o:dahuasecurity:ipc-hdbw4x00_firmware:2.400.0000.3.r.20150312
cpe:/o:dahuasecurity:ipc-hdbw4x00_firmware:2.420.0006.0.r.20150311
cpe:/o:dahuasecurity:ipc-hdbw5x00_firmware:2.400.0000.3.r.20150312
cpe:/o:dahuasecurity:ipc-hdbw5x00_firmware:2.420.0006.0.r.20150311
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.240.0009.0.r.20131015
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.400.0000.0.r.20131231
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0000.0.r.20140419
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140621
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0002.0.r.20140724
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0005.0.r.20141205
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0006.0.r.20150311
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0007.0.r.20150409
cpe:/o:dahuasecurity:ipc-hdw4300s_firmware:2.420.0008.0.r.20150710
cpe:/o:dahuasecurity:ipc-hdw4x00_firmware:2.400.0000.3.r.20150312
cpe:/o:dahuasecurity:ipc-hdw4x00_firmware:2.420.0006.0.r.20150311
cpe:/o:dahuasecurity:ipc-hdw5x00_firmware:2.400.0000.3.r.20150312
cpe:/o:dahuasecurity:ipc-hdw5x00_firmware:2.420.0006.0.r.20150311
cpe:/o:dahuasecurity:ipc-hf5x00_firmware:2.400.0000.3.r.20150312
cpe:/o:dahuasecurity:ipc-hf5x00_firmware:2.420.0006.0.r.20150311
cpe:/o:dahuasecurity:ipc-hfw4x00_firmware:2.400.0000.3.r.20150312
cpe:/o:dahuasecurity:ipc-hfw4x00_firmware:2.420.0006.0.r.20150311
cpe:/o:dahuasecurity:ipc-hfw5x00_firmware:2.400.0000.3.r.20150312
cpe:/o:dahuasecurity:ipc-hfw5x00_firmware:2.420.0006.0.r.20150311
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.0.r.20150206
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.1.r.20150420
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.2.r.20150715
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.3.r.20150921
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160409
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160603
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20160803
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20161226
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170305
cpe:/o:dahuasecurity:nvr11hs_firmware:3.210.0000.5.r.20170321

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9316
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9316
(Official data source) NVD

- Other Links and Resources

http://www.dahuasecurity.com/annoucementsingle/security-advisory--high-risk-vulnerability-found-in-dahua-ipc-hdw4300s-and-some-ip-products_14731_231.html
(VENDOR_ADVISORY) CONFIRM
 

 
