VYPR
Vendor: Dahuasecurity

Products: 71 | CVEs: 22 | Across products: 155 | Status: Private


Recent CVEs

  • CVE-2017-7925 | Critical | May 6, 2017
    risk 0.68 | cvss 9.8 | epss 0.52

    A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3,…

  • CVE-2017-6342 | Critical | Feb 27, 2017
    risk 0.65 | cvss 9.8 | epss 0.13

    An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the…

  • CVE-2017-9315 | Critical | Nov 28, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently…

  • CVE-2017-9314 | High | Nov 13, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    An authentication vulnerability was found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. An attacker could exploit this vulnerability to gain access to additional operations by forging a JSON message.

  • CVE-2017-7253 | High | Mar 30, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Log in to the IP camera with admin credentials so as to obtain full control of the target IP camera. During…

  • CVE-2017-6343 | High | Feb 27, 2017
    risk 0.57 | cvss 8.1 | epss 0.60

    The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash…

  • CVE-2017-6432 | High | Mar 9, 2017
    risk 0.53 | cvss 8.1 | epss 0.01

    An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which…

  • CVE-2017-7927 | High | May 6, 2017
    risk 0.50 | cvss 7.3 | epss 0.37

    A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX,…

  • CVE-2017-9316 | Medium | Nov 27, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    A firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by an internal Debug function. This particular function was used for problem analysis and performance tuning during the product development phase. It…

  • CVE-2017-6341 | Medium | Feb 27, 2017
    risk 0.39 | cvss 5.9 | epss 0.09

    Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application…

  • CVE-2013-6117 | Jul 11, 2014
    risk 0.09 | cvss n/a | epss 0.71

    Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

  • CVE-2013-3615 | Sep 17, 2013
    risk 0.04 | cvss n/a | epss 0.08

    Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.

  • CVE-2013-3613 | Sep 17, 2013
    risk 0.04 | cvss n/a | epss 0.07

    Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port.

  • CVE-2013-3614 | Sep 17, 2013
    risk 0.04 | cvss n/a | epss 0.07

    Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.

  • CVE-2013-3612 | Sep 17, 2013
    risk 0.04 | cvss n/a | epss 0.10

    Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown…

  • CVE-2024-11131 | Mar 19, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability regarding out-of-bounds read is found in the video interface. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.2.0-0525 may be affected: BC500, CC400W and TC500.

  • CVE-2024-39351 | Jun 28, 2024
    risk 0.00 | cvss n/a | epss 0.02

    A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The…

  • CVE-2024-39349 | Jun 28, 2024
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models…

  • CVE-2023-47803 | Jun 28, 2024
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The…

  • CVE-2024-5463 | Jun 4, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via…