CVE-2013-6117

EPSS 70.7%

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/milo2012/CVE-2013-6117★ 8 githubgithub.com/fsn4k3/dahua-dvr-metasploit★ 0 cve_referencepacketstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.htmlunverified cve_referencewww.exploit-db.com/exploits/29673unverified exploitdbwww.exploit-db.com/exploits/29673unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://blog.depthsecurity.com/2013/11/dahua-dvr-authentication-bypass-cve.html http://packetstormsecurity.com/files/124022/Dahua-DVR-Authentication-Bypass.html http://seclists.org/bugtraq/2013/Nov/62 http://www.exploit-db.com/exploits/29673 http://www.osvdb.org/99783