Details of VAR-201705-3742

ID

VAR-201705-3742

CVE

CVE-2017-7923

TITLE

plural Hikvision Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-003962

DESCRIPTION

A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. plural Hikvision The product contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HikvisionDS-2CD2xx2F-ISeries and other are the webcam products of Hikvision. Multiple Hikvision Cameras are prone to an information-disclosure vulnerability and an authentication-bypass vulnerability. Other attacks are also possible. Hikvision DS-2CD2xx2F-I Series are all network camera products of China Hikvision Company. Security flaws exist in several Hikvision products

Trust: 2.79

sources: NVD: CVE-2017-7923 // JVNDB: JVNDB-2017-003962 // CNVD: CNVD-2017-08191 // BID: 98313 // IVD: b6c80079-e3d5-43f9-8262-24f539b4d669 // VULHUB: VHN-116126 // VULMON: CVE-2017-7923

IOT TAXONOMY

category:	['IoT', 'ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: b6c80079-e3d5-43f9-8262-24f539b4d669 // CNVD: CNVD-2017-08191

AFFECTED PRODUCTS

vendor:	hikvision	model:	ds-2cd4332fwd-i\	scope:	eq	version:	-	Trust: 4.8
vendor:	hikvision	model:	ds-2cd4324f-i\	scope:	eq	version:	-	Trust: 4.8
vendor:	hikvision	model:	ds-2cd4312f-i\	scope:	eq	version:	-	Trust: 3.6
vendor:	hikvision	model:	ds-2cd4212fwd-i\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4012fwd-\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4032fwd-\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4024f-\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4212f-i\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4232fwd-i\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4224f-i\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4012f-\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision digital	model:	ds-2cd4012f-	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4012fwd-	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4024f-	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4032fwd-	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4212f-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4212fwd-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4224f-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4232fwd-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4312f-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4324f-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4332fwd-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision	model:	ds-2cd6412fwd	scope:	eq	version:	-	Trust: 1.6
vendor:	hikvision	model:	ds-2cd63xx series	scope:	eq	version:	-	Trust: 1.6
vendor:	hikvision	model:	ds-2dfx series	scope:	eq	version:	-	Trust: 1.6
vendor:	hikvision	model:	ds-2cd2032-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2632f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd4132fwd-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2512f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2732f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd4112fwd-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2312-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2332-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2612f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2t32-i3	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2t32-i8	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2t32-i5	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2212-i5	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2232-i5	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2112-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2532f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd4112f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2712f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd4124f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2412f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2432f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2132-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision digital	model:	ds-2cd2032-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2112-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2132-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2212-i5	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2232-i5	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2312-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2332-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2412f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2432f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2512f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2532f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2612f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2632f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2712f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2732f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2t32-i3	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2t32-i5	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2t32-i8	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd4112f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd4112fwd-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd4124f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd4132fwd-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd63xx series	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd6412fwd	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2dfx series	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision	model:	ds-2cd2xx0f-i series build build	scope:	gte	version:	v5.2.0140721,<=v5.4.0160401	Trust: 0.6
vendor:	hikvision	model:	ds-2dfx series build build	scope:	gte	version:	v5.2.0140805,<=v5.4.5160928	Trust: 0.6
vendor:	hikvision	model:	ds-2cd63xx series build build	scope:	gte	version:	v5.0.9140305,<=v5.3.5160106	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx2f-i series build build	scope:	gte	version:	v5.2.0140721,<=v5.4.0160530	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx2fwd series build build	scope:	gte	version:	v5.3.1150410,<=v5.4.4161125	Trust: 0.6
vendor:	hikvision	model:	ds-2cd4x2xfwd series build build	scope:	gte	version:	v5.2.0140721,<=v5.4.0160414	Trust: 0.6
vendor:	hikvision	model:	ds-2cd4xx5 series build build	scope:	gte	version:	v5.2.0140721,<=v5.4.0160421	Trust: 0.6
vendor:	hikvision	model:	digital technology ds-2dfx series build	scope:	eq	version:	5.4.5160928	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2dfx series build	scope:	eq	version:	5.2140805	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd63xx series build	scope:	eq	version:	5.3.5160106	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd63xx series build	scope:	eq	version:	5.0.9140305	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4xx5 series build	scope:	eq	version:	5.4160421	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4xx5 series build	scope:	eq	version:	5.2140721	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4x2xfwd series build	scope:	eq	version:	5.4160414	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4x2xfwd series build	scope:	eq	version:	5.2140721	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2fwd series build	scope:	eq	version:	5.4.4161125	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2fwd series build	scope:	eq	version:	5.3.1150410	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2f-i series build	scope:	eq	version:	5.4160530	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2f-i series build	scope:	eq	version:	5.2140721	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx0f-i series build	scope:	eq	version:	5.4160401	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx0f-i series build	scope:	eq	version:	5.2140721	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2dfx series build	scope:	ne	version:	5.4.9170123	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd63xx series build	scope:	ne	version:	5.4.5170206	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4xx5 series build	scope:	ne	version:	5.4.5170302	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4x2xfwd series build	scope:	ne	version:	5.4.5170228	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2fwd series build	scope:	ne	version:	5.4.5170124	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2f-i series build	scope:	ne	version:	5.4.5170123	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx0f-i series build	scope:	ne	version:	5.4.5170123	Trust: 0.3
vendor:	ds 2cd2032 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2112 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2132 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2212 i5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2232 i5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2312 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2332 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2412f i w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2432f i w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2512f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2532f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2612f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2632f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2712f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2732f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2t32 i3	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2t32 i5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2t32 i8	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012f a	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012f p	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012f w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012fwd a	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012fwd p	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012fwd w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4024f a	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4024f p	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4024f w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4032fwd a	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4032fwd p	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4032fwd w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4112f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4112fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4124f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4132fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212f i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212fwd i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212fwd i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4224f i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4224f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4224f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4232fwd i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4232fwd i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4232fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4312f i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4312f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4312f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4324f i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4324f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4324f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4332fwd i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4332fwd i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4332fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd6412fwd	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2dfx series	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd63xx series	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: b6c80079-e3d5-43f9-8262-24f539b4d669 // CNVD: CNVD-2017-08191 // BID: 98313 // JVNDB: JVNDB-2017-003962 // CNNVD: CNNVD-201704-1047 // NVD: CVE-2017-7923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7923
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-7923
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-08191
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-1047
value:	MEDIUM
Trust: 0.6
IVD:	b6c80079-e3d5-43f9-8262-24f539b4d669
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-116126
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-7923
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-7923
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-08191
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	b6c80079-e3d5-43f9-8262-24f539b4d669
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-116126
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7923
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: b6c80079-e3d5-43f9-8262-24f539b4d669 // CNVD: CNVD-2017-08191 // VULHUB: VHN-116126 // VULMON: CVE-2017-7923 // JVNDB: JVNDB-2017-003962 // CNNVD: CNNVD-201704-1047 // NVD: CVE-2017-7923

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-260	Trust: 1.8

sources: VULHUB: VHN-116126 // JVNDB: JVNDB-2017-003962 // NVD: CVE-2017-7923

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1047

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201704-1047

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003962

PATCH

title:	Privilege-Escalating Vulnerability Notice	url:	http://www.hikvision.com/us/about_10807.html	Trust: 0.8
title:	Security Notification: Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras	url:	http://www.hikvision.com/us/about_10805.html	Trust: 0.8
title:	Hikvision patch for multiple camera profile password vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/94421	Trust: 0.6

sources: CNVD: CNVD-2017-08191 // JVNDB: JVNDB-2017-003962

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7923	Trust: 3.7
db:	ICS CERT	id:	ICSA-17-124-01	Trust: 2.9
db:	BID	id:	98313	Trust: 2.1
db:	CNNVD	id:	CNNVD-201704-1047	Trust: 0.9
db:	CNVD	id:	CNVD-2017-08191	Trust: 0.8
db:	JVN	id:	JVNVU92379282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-003962	Trust: 0.8
db:	IVD	id:	B6C80079-E3D5-43F9-8262-24F539B4D669	Trust: 0.2
db:	VULHUB	id:	VHN-116126	Trust: 0.1
db:	VULMON	id:	CVE-2017-7923	Trust: 0.1

sources: IVD: b6c80079-e3d5-43f9-8262-24f539b4d669 // CNVD: CNVD-2017-08191 // VULHUB: VHN-116126 // VULMON: CVE-2017-7923 // BID: 98313 // JVNDB: JVNDB-2017-003962 // CNNVD: CNNVD-201704-1047 // NVD: CVE-2017-7923

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-124-01	Trust: 3.0
url:	http://www.hikvision.com/us/about_10807.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7923	Trust: 1.4
url:	http://www.securityfocus.com/bid/98313	Trust: 1.3
url:	https://ghostbin.com/paste/q2vq2	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7923	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92379282/index.html	Trust: 0.8
url:	https://ipcamtalk.com/threads/backdoor-found-in-hikvision-cameras.17523/	Trust: 0.8
url:	http://hikvision.com/en/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-08191 // VULHUB: VHN-116126 // VULMON: CVE-2017-7923 // BID: 98313 // JVNDB: JVNDB-2017-003962 // CNNVD: CNNVD-201704-1047 // NVD: CVE-2017-7923

CREDITS

Montecrypto

Trust: 0.3

sources: BID: 98313

SOURCES

db:	IVD	id:	b6c80079-e3d5-43f9-8262-24f539b4d669
db:	CNVD	id:	CNVD-2017-08191
db:	VULHUB	id:	VHN-116126
db:	VULMON	id:	CVE-2017-7923
db:	BID	id:	98313
db:	JVNDB	id:	JVNDB-2017-003962
db:	CNNVD	id:	CNNVD-201704-1047
db:	NVD	id:	CVE-2017-7923

LAST UPDATE DATE

2024-08-14T15:13:31.520000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-08191	date:	2017-06-05T00:00:00
db:	VULHUB	id:	VHN-116126	date:	2017-12-19T00:00:00
db:	VULMON	id:	CVE-2017-7923	date:	2017-12-19T00:00:00
db:	BID	id:	98313	date:	2017-05-23T16:23:00
db:	JVNDB	id:	JVNDB-2017-003962	date:	2017-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201704-1047	date:	2017-05-09T00:00:00
db:	NVD	id:	CVE-2017-7923	date:	2017-12-19T02:29:42.223

SOURCES RELEASE DATE

db:	IVD	id:	b6c80079-e3d5-43f9-8262-24f539b4d669	date:	2017-06-05T00:00:00
db:	CNVD	id:	CNVD-2017-08191	date:	2017-06-05T00:00:00
db:	VULHUB	id:	VHN-116126	date:	2017-05-06T00:00:00
db:	VULMON	id:	CVE-2017-7923	date:	2017-05-06T00:00:00
db:	BID	id:	98313	date:	2017-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-003962	date:	2017-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201704-1047	date:	2017-04-21T00:00:00
db:	NVD	id:	CVE-2017-7923	date:	2017-05-06T00:29:00.380