Strix
26.1K

CVE-2017-9315

UnknownEPSS 1.44%

Last modified

CVE-2017-9315 is a vulnerability of currently unknown severity. Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.. EPSS estimates a 1.44% chance of exploitation in the next 30 days.

Description

Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.

Metrics

EPSS Probability
1.44%

69.9th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
DahuasecurityIpc-Hfw1xxx FirmwareAll versions
DahuasecurityIpc-Hdw1xxx FirmwareAll versions
DahuasecurityIpc-Hdbw1xxx FirmwareAll versions
DahuasecurityIpc-Hfw2xxx FirmwareAll versions
DahuasecurityIpc-Hdw2xxx FirmwareAll versions
DahuasecurityIpc-Hdbw2xxx FirmwareAll versions
DahuasecurityIpc-Hfw4xxx FirmwareAll versions
DahuasecurityIpc-Hdw4xxx FirmwareAll versions
DahuasecurityIpc-Hdbw4xxx FirmwareAll versions
DahuasecurityIpc-Hf5xxx FirmwareAll versions
DahuasecurityIpc-Hfw5xxx FirmwareAll versions
DahuasecurityIpc-Hdw5xxx FirmwareAll versions
DahuasecurityIpc-Hdbw5xxx FirmwareAll versions
DahuasecurityIpc-Hf8xxx FirmwareAll versions
DahuasecurityIpc-Hfw8xxx FirmwareAll versions
DahuasecurityIpc-Hdbw8xxx FirmwareAll versions
DahuasecurityIpc-Ebw8xxx FirmwareAll versions
DahuasecurityIpc-Pfw8xxx FirmwareAll versions
DahuasecurityDh-Sd2xxxxx FirmwareAll versions
DahuasecurityIpc-Pdbw8xxx FirmwareAll versions
DahuasecurityIpc-Hum8xxx FirmwareAll versions
DahuasecurityPsd8xxxx FirmwareAll versions
DahuasecurityDh-Sd4xxxxx FirmwareAll versions
DahuasecurityDh-Sd5xxxxx FirmwareAll versions
DahuasecurityDh-Sd6xxxxx FirmwareAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-9315?
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
How severe is CVE-2017-9315?
Severity scoring for CVE-2017-9315 is pending analysis. The EPSS model estimates a 1.44% probability of exploitation in the next 30 days.
How do I fix CVE-2017-9315?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-9315?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST