High severity7.3NVD Advisory· Published May 6, 2017· Updated May 13, 2026

CVE-2017-7927

Description

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.

Affected products

Dahuasecurity/Dh Ipc Hdbw23a0rn Zs Firmware
cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Ipc Hdbw13a0sn Firmware
cpe:2.3:o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Ipc Hdw1xxx Firmware
cpe:2.3:o:dahuasecurity:dh-ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Ipc Hdw2xxx Firmware
cpe:2.3:o:dahuasecurity:dh-ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Ipc Hdw4xxx Firmware
cpe:2.3:o:dahuasecurity:dh-ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Ipc Hfw1xxx Firmware
cpe:2.3:o:dahuasecurity:dh-ipc-hfw1xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Ipc Hfw2xxx Firmware
cpe:2.3:o:dahuasecurity:dh-ipc-hfw2xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Ipc Hfw4xxx Firmware
cpe:2.3:o:dahuasecurity:dh-ipc-hfw4xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Sd6cxx Firmware
cpe:2.3:o:dahuasecurity:dh-sd6cxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Nvr1xxx Firmware
cpe:2.3:o:dahuasecurity:dh-nvr1xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Hcvr4xxx Firmware
cpe:2.3:o:dahuasecurity:dh-hcvr4xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dh Hcvr5xxx Firmware
cpe:2.3:o:dahuasecurity:dh-hcvr5xxx_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dhi Hcvr51a04he S3 Firmware
cpe:2.3:o:dahuasecurity:dhi-hcvr51a04he-s3_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dhi Hcvr51a08he S3 Firmware
cpe:2.3:o:dahuasecurity:dhi-hcvr51a08he-s3_firmware:-:*:*:*:*:*:*:*
Dahuasecurity/Dhi Hcvr58a32s S2 Firmware
cpe:2.3:o:dahuasecurity:dhi-hcvr58a32s-s2_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

us.dahuasecurity.com/en/us/Security-Bulletin_030617.phpnvdPatchVendor Advisory
www.securityfocus.com/bid/98312nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-17-124-02nvdMitigationThird Party AdvisoryUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000