ID CVE-2017-7253
Summary Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login.
References
Vulnerable Configurations
  • cpe:2.3:o:dahuasecurity:ip_camera_firmware:3.200.0001.6:*:*:*:*:*:*:*
    cpe:2.3:o:dahuasecurity:ip_camera_firmware:3.200.0001.6:*:*:*:*:*:*:*
  • cpe:2.3:h:dahuasecurity:ip_camera:-:*:*:*:*:*:*:*
    cpe:2.3:h:dahuasecurity:ip_camera:-:*:*:*:*:*:*:*
CVSS
Base: 9.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-922
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:C/I:C/A:C
refmap via4
bid 97263
misc https://gist.github.com/anonymous/16aca69b7dea27cb73ddebb0d9033b02
Last major update 03-10-2019 - 00:03
Published 30-03-2017 - 18:59
Last modified 03-10-2019 - 00:03
Back to Top