Vulnerabilidad en Dahua DVR (CVE-2013-5754)

Tipo: 
Permisos, privilegios y/o control de acceso
Gravedad: 
Crítica
Fecha publicación : 
17/09/2013
Última modificación: 
25/09/2013
Descripción
La implementación de autorización en Dahua DVR acepta un hash representando la fecha actual para el rol de contraseña maestra, lo que hace más fácil para un atacante remoto obtener acceso administrativo y cambiar la contraseña de administrador a través de peticiones (1) ActiveX, (2) cliente standalone o (3) vectores no especificados, una vulnerabilidad diferente a CVE-2013-3612
Impacto
Vector de acceso: A través de red
Complejidad de Acceso: Baja
Autenticación: No requerida para explotarla
Tipo de impacto: Compromiso total de la integridad del sistema + Compromiso total de la confidencialidad del sistema + Compromiso total de la disponibilidad del sistema
Productos y versiones vulnerables
  • Dahuasecurity Dvr6404lf-s -
  • Dahuasecurity Dvr5816 -
  • Dahuasecurity Dvr5808 -
  • Dahuasecurity Dvr5804 -
  • Dahuasecurity Dvr5416 -
  • Dahuasecurity Dvr5408 -
  • Dahuasecurity Dvr5404 -
  • Dahuasecurity Dvr5216l -
  • Dahuasecurity Dvr5216a -
  • Dahuasecurity Dvr5208l -
  • Dahuasecurity Dvr5208a -
  • Dahuasecurity Dvr5204l -
  • Dahuasecurity Dvr5204a -
  • Dahuasecurity Dvr5116he -
  • Dahuasecurity Dvr5116h -
  • Dahuasecurity Dvr5116c -
  • Dahuasecurity Dvr5108he -
  • Dahuasecurity Dvr5108h -
  • Dahuasecurity Dvr5108c -
  • Dahuasecurity Dvr5104he -
  • Dahuasecurity Dvr5104h -
  • Dahuasecurity Dvr5104c -
  • Dahuasecurity Dvr3232l -
  • Dahuasecurity Dvr3224l -
  • Dahuasecurity Dvr3204lf-s -
  • Dahuasecurity Dvr3204lf-al -
  • Dahuasecurity Dvr3204hf-s -
  • Dahuasecurity Dvr2404lf-s -
  • Dahuasecurity Dvr2404lf-al -
  • Dahuasecurity Dvr2404hf-s -
  • Dahuasecurity Dvr2116he -
  • Dahuasecurity Dvr2116hc -
  • Dahuasecurity Dvr2116h -
  • Dahuasecurity Dvr2116c -
  • Dahuasecurity Dvr2108he -
  • Dahuasecurity Dvr2108hc -
  • Dahuasecurity Dvr2108h -
  • Dahuasecurity Dvr2108c -
  • Dahuasecurity Dvr2104he -
  • Dahuasecurity Dvr2104hc -
  • Dahuasecurity Dvr2104h -
  • Dahuasecurity Dvr2104c -
  • Dahuasecurity Dvr1604hf-u-e -
  • Dahuasecurity Dvr1604hf-s-e -
  • Dahuasecurity Dvr1604hf-l-e -
  • Dahuasecurity Dvr1604hf-al-e -
  • Dahuasecurity Dvr1604hf-a-e -
  • Dahuasecurity Dvr1604hd-s -
  • Dahuasecurity Dvr1604hd-l -
  • Dahuasecurity Dvr0804hf-u-e -
  • Dahuasecurity Dvr0804hf-s-e -
  • Dahuasecurity Dvr0804hf-l-e -
  • Dahuasecurity Dvr0804hf-al-e -
  • Dahuasecurity Dvr0804hf-a-e -
  • Dahuasecurity Dvr0804hd-s -
  • Dahuasecurity Dvr0804hd-l -
  • Dahuasecurity Dvr0804 -
  • Dahuasecurity Dvr0404hf-u-e -
  • Dahuasecurity Dvr0404hf-s-e -
  • Dahuasecurity Dvr0404hf-al-e -
  • Dahuasecurity Dvr0404hf-a-e -
  • Dahuasecurity Dvr0404hd-u -
  • Dahuasecurity Dvr0404hd-s -
  • Dahuasecurity Dvr0404hd-l -
  • Dahuasecurity Dvr0404hd-a -
Referencias a soluciones, herramientas e información
Explicación de los campos