Skip to main content
CVE-2013-3612 CRITICAL POC THREAT Emergency

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.1%.

Dahua Authentication Bypass Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
12.1%
CVE-2013-3614 CRITICAL POC THREAT Emergency

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.8%.

Privilege Escalation Dahua Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
10.8%
CVE-2013-5754 CRITICAL Act Now

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dahua Dvr0404Hd A Dvr0404Hd L Dvr0404Hd S +62
NVD
CVSS 2.0
10.0
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy