Strix
26.1K

CVE-2013-5754

UnknownEPSS 2.48%

Last modified

CVE-2013-5754 is a vulnerability of currently unknown severity. The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.. EPSS estimates a 2.48% chance of exploitation in the next 30 days.

Description

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.

Metrics

EPSS Probability
2.48%

82.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DahuasecurityDvr0404hd-AAll versions
DahuasecurityDvr0404hd-LAll versions
DahuasecurityDvr0404hd-SAll versions
DahuasecurityDvr0404hd-UAll versions
DahuasecurityDvr0404hf-A-EAll versions
DahuasecurityDvr0404hf-Al-EAll versions
DahuasecurityDvr0404hf-S-EAll versions
DahuasecurityDvr0404hf-U-EAll versions
DahuasecurityDvr0804All versions
DahuasecurityDvr0804hd-LAll versions
DahuasecurityDvr0804hd-SAll versions
DahuasecurityDvr0804hf-A-EAll versions
DahuasecurityDvr0804hf-Al-EAll versions
DahuasecurityDvr0804hf-L-EAll versions
DahuasecurityDvr0804hf-S-EAll versions
DahuasecurityDvr0804hf-U-EAll versions
DahuasecurityDvr1604hd-LAll versions
DahuasecurityDvr1604hd-SAll versions
DahuasecurityDvr1604hf-A-EAll versions
DahuasecurityDvr1604hf-Al-EAll versions
DahuasecurityDvr1604hf-L-EAll versions
DahuasecurityDvr1604hf-S-EAll versions
DahuasecurityDvr1604hf-U-EAll versions
DahuasecurityDvr2104cAll versions
DahuasecurityDvr2104hAll versions
DahuasecurityDvr2104hcAll versions
DahuasecurityDvr2104heAll versions
DahuasecurityDvr2108cAll versions
DahuasecurityDvr2108hAll versions
DahuasecurityDvr2108hcAll versions
DahuasecurityDvr2108heAll versions
DahuasecurityDvr2116cAll versions
DahuasecurityDvr2116hAll versions
DahuasecurityDvr2116hcAll versions
DahuasecurityDvr2116heAll versions
DahuasecurityDvr2404hf-SAll versions
DahuasecurityDvr2404lf-AlAll versions
DahuasecurityDvr2404lf-SAll versions
DahuasecurityDvr3204hf-SAll versions
DahuasecurityDvr3204lf-AlAll versions
DahuasecurityDvr3204lf-SAll versions
DahuasecurityDvr3224lAll versions
DahuasecurityDvr3232lAll versions
DahuasecurityDvr5104cAll versions
DahuasecurityDvr5104hAll versions
DahuasecurityDvr5104heAll versions
DahuasecurityDvr5108cAll versions
DahuasecurityDvr5108hAll versions
DahuasecurityDvr5108heAll versions
DahuasecurityDvr5116cAll versions

Showing 50 of 65 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-5754?
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
How severe is CVE-2013-5754?
Severity scoring for CVE-2013-5754 is pending analysis. The EPSS model estimates a 2.48% probability of exploitation in the next 30 days.
How do I fix CVE-2013-5754?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-5754?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST