CVE-2017-6341

Name: CVE-2017-6341
Creator: NVD / NIST
Published: 2017-02-27T07:59:00.38+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 8.90%

Last modified Jun 17, 2026

CVE-2017-6341 is a vulnerability of currently unknown severity. Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.. EPSS estimates a 8.90% chance of exploitation in the next 30 days.

Description

Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117.

Metrics

EPSS Probability

8.90%

94.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-319

Affected Software

Vendor	Product	Versions
Dahuasecurity	Camera Firmware	2.400.0000.28.r
Dahuasecurity	Nvr Firmware	3.210.0001.10
Dahuasecurity	Smartpss Firmware	1.16.1

References

http://www.securityfocus.com/bid/96456Third Party Advisory, VDB Entry
https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.htmlThird Party Advisory
https://twitter.com/null_ku7/status/835649185168838657Third Party Advisory
http://www.securityfocus.com/bid/96456Third Party Advisory, VDB Entry
https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.htmlThird Party Advisory
https://twitter.com/null_ku7/status/835649185168838657Third Party Advisory

Timeline

Published: Feb 27, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-6341?

How severe is CVE-2017-6341?

Severity scoring for CVE-2017-6341 is pending analysis. The EPSS model estimates a 8.90% probability of exploitation in the next 30 days.

How do I fix CVE-2017-6341?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-6341?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST