SA ID: DHCC-SA-201803-001
First Published: March 16, 2018
Update revision: May 22, 2018
Summary:
A privilege escalation vulnerability was found in some Dahua IP devices. An attacker in possession of a low-privilege account can gain access to the credential information of a high-privilege account and further obtain device information or attack the device.
CVE ID: CVE-2017-9317
Vulnerability Score (CVSS V3.0 http://www.first.org/cvss/specification-document):
Base Score: 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
Temporal Score: 6.6 (E:F/RL:O/RC:C)
Affected Products & Fix Software:
Dahua has conducted screening to identify the following affected recorder products.
| Affected Model | Firmware Version | Fix Software |
| --- | --- | --- |
| XVR 5x04 | DH_XVR5x04_Eng_P_V3.218.0000001.2.R.170808, DH_XVR5x04_Eng_P_V3.210.0001.11.R.20170525, DH_XVR5x04_Eng_P_V3.210.0001.8.R.20170307, DH_XVR5x04_Eng_P_V3.210.0001.7.R.20170218, DH_XVR5x04_Eng_P_V3.210.0001.3.R.20160914 | DH_XVR5x04_Eng_P_V3.218.0000002.1.R.171229 |
| XVR 5x08 | DH_XVR5x08_Eng_P_V3.218.0000001.2.R.170808, DH_XVR5x08_Eng_P_V3.210.0001.11.R.20170525, DH_XVR5x08_Eng_P_V3.210.0001.8.R.20170307, DH_XVR5x08_Eng_P_V3.210.0001.7.R.20170218, DH_XVR5x08_Eng_P_V3.210.0001.3.R.20160914 | DH_XVR5x08_Eng_P_V3.218.0000002.1.R.171229 |
| XVR 5x16 | DH_XVR5x16_Eng_P_V3.218.0000001.2.R.170808, DH_XVR5x16_Eng_P_V3.210.0001.11.R.20170525, DH_XVR5x16_Eng_P_V3.210.0001.8.R.20170307, DH_XVR5x16_Eng_P_V3.210.0001.7.R.20170218, DH_XVR5x16_Eng_P_V3.210.0001.3.R.20160914 | DH_XVR5x16_Eng_P_V3.218.0000002.1.R.171229 |
| XVR 7x16 | DH_XVR7x16_Eng_P_V3.218.0000001.2.R.170808, DH_XVR7x16_Eng_P_V3.210.0001.11.R.20170525, DH_XVR7x16_Eng_P_V3.210.0001.8.R.20170307, DH_XVR7x16_Eng_P_V3.210.0001.7.R.20170218, DH_XVR7x16_Eng_P_V3.210.0001.3.R.20160914 | DH_XVR7x16_Eng_P_V3.218.0000002.1.R.171229 |
Dahua has conducted screening to identify the following affected camera products.
| Affected Model | Firmware Version | Fix Software |
| --- | --- | --- |
| IPC-HDBW4XXX | Build before 2017/09 | DH_IPC-HX5X3X-Rhea_EngSpnFrn_N_Stream3_V2.622.0000000.18.R.20171110, DH_IPC-HX5X3X-Rhea_Eng_P_Stream3_V2.622.0000000.18.R.20171110, DH_IPC-HX5X3X-Rhea_Chn_PN_Stream3_V2.622.0000000.18.R.20171110, DH_IPC-HX4XXX-Eos_Chn_PN_Stream3_V2.621.0000.28.R.20170912 |
| IPC-HDBW5XXX | Build before 2017/09 | DH_IPC-HX5X3X-Rhea_EngSpnFrn_N_Stream3_V2.622.0000000.18.R.20171110, DH_IPC-HX5X3X-Rhea_Eng_P_Stream3_V2.622.0000000.18.R.20171110, DH_IPC-HX5X3X-Rhea_Chn_PN_Stream3_V2.622.0000000.18.R.20171110, DH_IPC-HX4XXX-Eos_Chn_PN_Stream3_V2.621.0000.28.R.20170912 |
Dahua will provide update information if additional affected products are identified.
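The affected-product tables above can be turned into an inventory check. The following is an added example, not Dahua's code: the `triage` and `build_date` functions, the assumed firmware-name layout (`DH_<family>_..._<version>.R.<build date>`), the reading of the trailing field as a build date, and the sample inventory rows are assumptions made for illustration. Firmware that is neither listed as affected nor an exact match for the listed fix software is reported as `unlisted` for manual review.

```python
import re
from datetime import date

# Values copied from the advisory's tables.
XVR_MODELS = {"XVR5x04", "XVR5x08", "XVR5x16", "XVR7x16"}
XVR_AFFECTED = {  # the same five version/build tails are listed for every XVR model
    "V3.218.0000001.2.R.170808", "V3.210.0001.11.R.20170525",
    "V3.210.0001.8.R.20170307", "V3.210.0001.7.R.20170218",
    "V3.210.0001.3.R.20160914",
}
XVR_FIX = "V3.218.0000002.1.R.171229"
CAMERA_PREFIXES = ("IPC-HDBW4", "IPC-HDBW5")
CAMERA_CUTOFF = date(2017, 9, 1)  # "Build before 2017/09"
CAMERA_FIX = {
    "DH_IPC-HX5X3X-Rhea_EngSpnFrn_N_Stream3_V2.622.0000000.18.R.20171110",
    "DH_IPC-HX5X3X-Rhea_Eng_P_Stream3_V2.622.0000000.18.R.20171110",
    "DH_IPC-HX5X3X-Rhea_Chn_PN_Stream3_V2.622.0000000.18.R.20171110",
    "DH_IPC-HX4XXX-Eos_Chn_PN_Stream3_V2.621.0000.28.R.20170912",
}
# Assumption: a firmware name is DH_<family>_..._<Vversion>.R.<build date>
NAME_RE = re.compile(r"^DH_([^_]+)_.*_(V[\d.]+\.R\.(\d{8}|\d{6}))$")

def build_date(stamp: str) -> date:
    """Assumption: the trailing field is YYYYMMDD, or YYMMDD for 20xx."""
    stamp = stamp if len(stamp) == 8 else "20" + stamp
    return date(int(stamp[:4]), int(stamp[4:6]), int(stamp[6:]))

def triage(model: str, firmware: str) -> str:
    """Return 'affected', 'fixed', or 'unlisted' (needs manual review)."""
    m = NAME_RE.match(firmware)
    if not m:
        return "unlisted"
    family, tail, stamp = m.groups()
    if family in XVR_MODELS:
        if tail in XVR_AFFECTED:
            return "affected"
        return "fixed" if tail == XVR_FIX else "unlisted"
    if model.upper().startswith(CAMERA_PREFIXES):
        if firmware in CAMERA_FIX:
            return "fixed"
        if build_date(stamp) < CAMERA_CUTOFF:
            return "affected"
    return "unlisted"

if __name__ == "__main__":
    # Constructed inventory rows; the camera firmware name is made up for the demo.
    for model, fw in [("XVR 5x16", "DH_XVR5x16_Eng_P_V3.210.0001.7.R.20170218"),
                      ("IPC-HDBW4XXX", "DH_IPC-HX4XXX-Eos_Eng_P_Stream3_V2.420.0000.0.R.20160105")]:
        print(model, fw, triage(model, fw))
```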
Fix software download:
Please download the corresponding fix software (or its newer version) as listed in the above table from the Dahua website. Customers can also contact Dahua local technical support to obtain the fix software.
Support Resources
The Dahua technical team will be available to advise and support the upgrade process. For any questions or concerns related to cybersecurity, please contact Dahua at psirt@dahuatech.com.
We acknowledge the support of Tiger Puma from fosec.vn, who discovered this vulnerability and reported it to Dahua PSIRT.
Revision History
2018-5-22 UPDATE Affected products and fix software
2018-3-16 INITIAL