Details of VAR-201711-1047

ID

VAR-201711-1047

CVE

CVE-2017-9315

TITLE

Dahua IP Camera and IP PTZ Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011143

DESCRIPTION

Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. Dahua IP Camera and IP PTZ Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dahua Technology IP Camera. Authentication is not required to exploit this vulnerability.The specific flaw exists within the disaster recovery password functionality. If the device uses its default settings, the password generation algorithm produces a predictable result. An attacker can leverage this vulnerability to gain control of the device under attack. Dahua IPC-HFW and others are network camera equipment of Dahua Company of China. There are security vulnerabilities in several Dahua products. An attacker could use this vulnerability to reset the administrator password. Dahua IPC-HFW, etc. The following products are affected: Dahua IPC-HFW1XXX Build 2015/07 to 2017/03; IPC-HDW1XXX Build 2015/07 to 2017/03; IPC-HDBW1XXX Build 2015/07 to 2017/03; IPC- HFW2XXX Build 2015/07 to 2017/03; IPC-HDW2XXX Build 2015/07 to 2017/03; IPC-HDBW2XXX Build 2015/07 to 2017/03; IPC-HFW4XXX Build 2015/07 to 2017 /03 version; IPC-HDW4XXX Build 2015/07 to 2017/03 version; IPC-HDBW4XXX Build 2015/07 to 2017/03 version; IPC-HF5XXX Build 2015/07 to 2017/03 version; IPC-HFW5XXX Build 2015/07 to 2017/03; IPC-HDW5XXX Build 2015/07 to 2017/03; IPC-HDBW5XXX Build 2015/07 to 2017/03; IPC-HF8XXX Build 2015/07 to 2017/03 Version; IPC-HFW8XXX Build 2015/07 to 2017/03; IPC-HDBW8XXX Build 2015/07 to 2017/03; IPC-EBW8XXX Build 2015/07 to 2017/03; IPC-PFW8xxx Build 2015/ 07 version to 2017/03 version; IPC-PDBW8xxx Build 2015/07 version to 2017/03 version; IPC-HUM8xxx Build 2015/07 version to 2017/03 version

Trust: 2.88

sources: NVD: CVE-2017-9315 // JVNDB: JVNDB-2017-011143 // ZDI: ZDI-18-130 // CNVD: CNVD-2017-38224 // VULHUB: VHN-117518

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-38224

AFFECTED PRODUCTS

vendor:	dahuasecurity	model:	ipc-hfw1xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hfw2xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hdw1xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hdw4xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hfw4xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hdbw1xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hdw2xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hf5xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hdbw2xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hdbw4xxx	scope:	eq	version:	-	Trust: 1.6
vendor:	dahuasecurity	model:	ipc-hfw5xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdbw8xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	psd8xxxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dh-sd5xxxxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdw5xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dh-sd4xxxxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-pdbw8xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hf8xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-ebw8xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-pfw8xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dh-sd2xxxxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hfw8xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	dh-sd6xxxxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hdbw5xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahuasecurity	model:	ipc-hum8xxx	scope:	eq	version:	-	Trust: 1.0
vendor:	dahua	model:	dh-ipc-hdw1xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dh-ipc-hdw2xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dh-ipc-hdw4xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dh-ipc-hfw1xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dh-sd2xxxxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dh-sd4xxxxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dh-sd5xxxxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	dh-sd6xxxxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-ebw8xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdbw1xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdbw2xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdbw4xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdbw5xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdbw8xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hdw5xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hf5xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hf8xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hfw2xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hfw4xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hfw5xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hfw8xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-hum8xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-pdbw8xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ipc-pfw8xxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	psd8xxxx	scope:	-	version:	-	Trust: 0.8
vendor:	dahua	model:	ip camera	scope:	-	version:	-	Trust: 0.7
vendor:	dahua	model:	security ipc-hf5xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hfw5xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hdw5xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hdbw5xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hf8xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hfw8xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hdbw8xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-ebw8xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-pfw8xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-pdbw8xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hum8xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security psd	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hfw1xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hdw1xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hdbw1xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hfw2xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hdw2xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hdbw2xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hfw4xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security ipc-hdw4xxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security dh-sd6xxxxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security dh-sd5xxxxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security dh-sd4xxxxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6
vendor:	dahua	model:	security dh-sd2xxxxx	scope:	gte	version:	2015/07,<=2017/03	Trust: 0.6

sources: ZDI: ZDI-18-130 // CNVD: CNVD-2017-38224 // JVNDB: JVNDB-2017-011143 // CNNVD: CNNVD-201705-1393 // NVD: CVE-2017-9315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9315
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-9315
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2017-9315
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2017-38224
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201705-1393
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-117518
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9315
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2017-9315
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2017-38224
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-117518
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9315
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-18-130 // CNVD: CNVD-2017-38224 // VULHUB: VHN-117518 // JVNDB: JVNDB-2017-011143 // CNNVD: CNNVD-201705-1393 // NVD: CVE-2017-9315

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-310	Trust: 0.9

sources: VULHUB: VHN-117518 // JVNDB: JVNDB-2017-011143 // NVD: CVE-2017-9315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1393

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201705-1393

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011143

PATCH

title:	Top Page	url:	http://www.dahuasecurity.com/	Trust: 0.8
title:	Dahua Technology has issued an update to correct this vulnerability.	url:	http://www.dahuasecurity.com/Support/Cybersecurity/annoucementNotice/152	Trust: 0.7
title:	Patches for multiple Dahua product password reset vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/111791	Trust: 0.6
title:	Multiple Dahua Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99835	Trust: 0.6

sources: ZDI: ZDI-18-130 // CNVD: CNVD-2017-38224 // JVNDB: JVNDB-2017-011143 // CNNVD: CNNVD-201705-1393

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9315	Trust: 3.8
db:	JVNDB	id:	JVNDB-2017-011143	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-4956	Trust: 0.7
db:	ZDI	id:	ZDI-18-130	Trust: 0.7
db:	CNNVD	id:	CNNVD-201705-1393	Trust: 0.7
db:	CNVD	id:	CNVD-2017-38224	Trust: 0.6
db:	VULHUB	id:	VHN-117518	Trust: 0.1

sources: ZDI: ZDI-18-130 // CNVD: CNVD-2017-38224 // VULHUB: VHN-117518 // JVNDB: JVNDB-2017-011143 // CNNVD: CNNVD-201705-1393 // NVD: CVE-2017-9315

REFERENCES

url:	http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9315	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9315	Trust: 0.8
url:	http://www.dahuasecurity.com/support/cybersecurity/annoucementnotice/152	Trust: 0.7

sources: ZDI: ZDI-18-130 // CNVD: CNVD-2017-38224 // VULHUB: VHN-117518 // JVNDB: JVNDB-2017-011143 // CNNVD: CNNVD-201705-1393 // NVD: CVE-2017-9315

CREDITS

Kenney Lu Trend Micro

Trust: 0.7

sources: ZDI: ZDI-18-130

SOURCES

db:	ZDI	id:	ZDI-18-130
db:	CNVD	id:	CNVD-2017-38224
db:	VULHUB	id:	VHN-117518
db:	JVNDB	id:	JVNDB-2017-011143
db:	CNNVD	id:	CNNVD-201705-1393
db:	NVD	id:	CVE-2017-9315

LAST UPDATE DATE

2024-11-23T22:56:02.974000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-130	date:	2018-01-19T00:00:00
db:	CNVD	id:	CNVD-2017-38224	date:	2017-12-27T00:00:00
db:	VULHUB	id:	VHN-117518	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-011143	date:	2018-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201705-1393	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-9315	date:	2024-11-21T03:35:49.310

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-18-130	date:	2018-01-19T00:00:00
db:	CNVD	id:	CNVD-2017-38224	date:	2017-12-26T00:00:00
db:	VULHUB	id:	VHN-117518	date:	2017-11-28T00:00:00
db:	JVNDB	id:	JVNDB-2017-011143	date:	2018-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201705-1393	date:	2017-05-30T00:00:00
db:	NVD	id:	CVE-2017-9315	date:	2017-11-28T19:29:00.400