多款Dahua产品访问验证漏洞
CVE编号
CVE-2017-9314利用情况
暂无补丁情况
N/A披露时间
2017-11-14漏洞描述
Dahua NVR50XX等都是中国大华(Dahua)公司的网络硬盘摄像机产品。 多款Dahua产品中存在安全漏洞。攻击者可通过伪造json信息利用该漏洞执行其他操作。解决建议
厂商已发布漏洞修复程序,请及时关注更新:http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html
参考链接 |
|
|---|---|
| http://www.dahuasecurity.com/annoucementsingle/security-advisory--authenticat... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5208-4ks2_firmware | * | Up to (excluding) dh_nvr5208_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5208-8p-4ks2_firmware | * | Up to (excluding) dh_nvr5208_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5216-16p-4ks2_firmware | * | Up to (excluding) dh_nvr5216_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5216-4ks2_firmware | * | Up to (excluding) dh_nvr5216_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5216-8p-4ks2_firmware | * | Up to (excluding) dh_nvr5216_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5224-24p-4ks2_firmware | * | Up to (excluding) dh_nvr5224_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5232-16p-4ks2_firmware | * | Up to (excluding) dh_nvr5232_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5232-4ks2_firmware | * | Up to (excluding) dh_nvr5232_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5232-8p-4ks2_firmware | * | Up to (excluding) dh_nvr5232_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5416-16p-4ks2_firmware | * | Up to (excluding) dh_nvr5416_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5416-4ks2_firmware | * | Up to (excluding) dh_nvr5416_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5424-24p-4ks2_firmware | * | Up to (excluding) dh_nvr5424_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5432-16p-4ks2_firmware | * | Up to (excluding) dh_nvr5432_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5432-4ks2_firmware | * | Up to (excluding) dh_nvr5432_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5464-16p-4ks2_firmware | * | Up to (excluding) dh_nvr5464_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5464-4ks2_firmware | * | Up to (excluding) dh_nvr5464_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5816-16p-4ks2_firmware | * | Up to (excluding) dh_nvr5816_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5816-4ks2_firmware | * | Up to (excluding) dh_nvr5816_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5832-16p-4ks2_firmware | * | Up to (excluding) dh_nvr5832_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5832-4ks2_firmware | * | Up to (excluding) dh_nvr5832_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5864-16p-4ks2_firmware | * | Up to (excluding) dh_nvr5864_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 系统 | dahuasecurity | nvr5864-4ks2_firmware | * | Up to (excluding) dh_nvr5864_eng_p_v2.616.0000.0.r.20171102 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5208-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5208-8p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5216-16p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5216-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5216-8p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5224-24p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5232-16p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5232-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5232-8p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5416-16p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5416-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5424-24p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5432-16p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5432-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5464-16p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5464-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5816-16p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5816-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5832-16p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5832-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5864-16p-4ks2 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | dahuasecurity | nvr5864-4ks2 | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 低
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-287 | 认证机制不恰当 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论