CVE-2017-9314

Name: CVE-2017-9314
Creator: NVD / NIST
Published: 2017-11-13T16:29:00.327+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.93%

Last modified Jun 17, 2026

CVE-2017-9314 is a vulnerability of currently unknown severity. Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.. EPSS estimates a 0.93% chance of exploitation in the next 30 days.

Description

Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.

Metrics

EPSS Probability

0.93%

56.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Dahuasecurity	Nvr5464-16p-4ks2 Firmware	< dh_nvr5464_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5208-8p-4ks2 Firmware	< dh_nvr5208_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5432-16p-4ks2 Firmware	< dh_nvr5432_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5416-16p-4ks2 Firmware	< dh_nvr5416_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5464-4ks2 Firmware	< dh_nvr5464_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5432-4ks2 Firmware	< dh_nvr5432_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5416-4ks2 Firmware	< dh_nvr5416_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5232-16p-4ks2 Firmware	< dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5216-16p-4ks2 Firmware	< dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5232-8p-4ks2 Firmware	< dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5216-8p-4ks2 Firmware	< dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5232-4ks2 Firmware	< dh_nvr5232_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5216-4ks2 Firmware	< dh_nvr5216_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5208-4ks2 Firmware	< dh_nvr5208_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5816-4ks2 Firmware	< dh_nvr5816_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5832-4ks2 Firmware	< dh_nvr5832_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5864-4ks2 Firmware	< dh_nvr5864_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5864-16p-4ks2 Firmware	< dh_nvr5864_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5832-16p-4ks2 Firmware	< dh_nvr5832_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5816-16p-4ks2 Firmware	< dh_nvr5816_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5424-24p-4ks2 Firmware	< dh_nvr5424_eng_p_v2.616.0000.0.r.20171102
Dahuasecurity	Nvr5224-24p-4ks2 Firmware	< dh_nvr5224_eng_p_v2.616.0000.0.r.20171102

References

http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.htmlIssue Tracking, Vendor Advisory
http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.htmlIssue Tracking, Vendor Advisory

Timeline

Published: Nov 13, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-9314?

How severe is CVE-2017-9314?

Severity scoring for CVE-2017-9314 is pending analysis. The EPSS model estimates a 0.93% probability of exploitation in the next 30 days.

How do I fix CVE-2017-9314?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-9314?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST