Strix
26.1K

CVE-2013-3612

UnknownEPSS 10.30%

Last modified

CVE-2013-3612 is a vulnerability of currently unknown severity. Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.. EPSS estimates a 10.30% chance of exploitation in the next 30 days.

Description

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

Metrics

EPSS Probability
10.30%

95.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DahuasecurityDvr0404hd-AAll versions
DahuasecurityDvr0404hd-LAll versions
DahuasecurityDvr0404hd-SAll versions
DahuasecurityDvr0404hd-UAll versions
DahuasecurityDvr0404hf-A-EAll versions
DahuasecurityDvr0404hf-Al-EAll versions
DahuasecurityDvr0404hf-S-EAll versions
DahuasecurityDvr0404hf-U-EAll versions
DahuasecurityDvr0804All versions
DahuasecurityDvr0804hd-LAll versions
DahuasecurityDvr0804hd-SAll versions
DahuasecurityDvr0804hf-A-EAll versions
DahuasecurityDvr0804hf-Al-EAll versions
DahuasecurityDvr0804hf-L-EAll versions
DahuasecurityDvr0804hf-S-EAll versions
DahuasecurityDvr0804hf-U-EAll versions
DahuasecurityDvr1604hd-LAll versions
DahuasecurityDvr1604hd-SAll versions
DahuasecurityDvr1604hf-A-EAll versions
DahuasecurityDvr1604hf-Al-EAll versions
DahuasecurityDvr1604hf-L-EAll versions
DahuasecurityDvr1604hf-S-EAll versions
DahuasecurityDvr1604hf-U-EAll versions
DahuasecurityDvr2104cAll versions
DahuasecurityDvr2104hAll versions
DahuasecurityDvr2104hcAll versions
DahuasecurityDvr2104heAll versions
DahuasecurityDvr2108cAll versions
DahuasecurityDvr2108hAll versions
DahuasecurityDvr2108hcAll versions
DahuasecurityDvr2108heAll versions
DahuasecurityDvr2116cAll versions
DahuasecurityDvr2116hAll versions
DahuasecurityDvr2116hcAll versions
DahuasecurityDvr2116heAll versions
DahuasecurityDvr2404hf-SAll versions
DahuasecurityDvr2404lf-AlAll versions
DahuasecurityDvr2404lf-SAll versions
DahuasecurityDvr3204hf-SAll versions
DahuasecurityDvr3204lf-AlAll versions
DahuasecurityDvr3204lf-SAll versions
DahuasecurityDvr3224lAll versions
DahuasecurityDvr3232lAll versions
DahuasecurityDvr5104cAll versions
DahuasecurityDvr5104hAll versions
DahuasecurityDvr5104heAll versions
DahuasecurityDvr5108cAll versions
DahuasecurityDvr5108hAll versions
DahuasecurityDvr5108heAll versions
DahuasecurityDvr5116cAll versions

Showing 50 of 65 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-3612?
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.
How severe is CVE-2013-3612?
Severity scoring for CVE-2013-3612 is pending analysis. The EPSS model estimates a 10.30% probability of exploitation in the next 30 days.
How do I fix CVE-2013-3612?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-3612?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST