Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96456 | Third Party Advisory VDB Entry |
https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html | Third Party Advisory |
https://twitter.com/null_ku7/status/835649185168838657 | Third Party Advisory |
http://www.securityfocus.com/bid/96456 | Third Party Advisory VDB Entry |
https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html | Third Party Advisory |
https://twitter.com/null_ku7/status/835649185168838657 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/96456 - Third Party Advisory, VDB Entry | |
References | () https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html - Third Party Advisory | |
References | () https://twitter.com/null_ku7/status/835649185168838657 - Third Party Advisory |
Information
Published : 2017-02-27 07:59
Updated : 2024-11-21 03:29
NVD link : CVE-2017-6341
Mitre link : CVE-2017-6341
CVE.ORG link : CVE-2017-6341
JSON object : View
Products Affected
dahuasecurity
- dhi-hcvr7216a-s3
- camera_firmware
- smartpss_firmware
- nvr_firmware
CWE
CWE-319
Cleartext Transmission of Sensitive Information