An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP…
mitre·CWE-319·Published 2017-03-09
An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.
An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.
Se ha descubierto un problema en dispositivos Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06. El Dahua DVR Protocol, que opera en el puerto TCP 37777, es un protocolo binario sin cifrar. La realización de un ataque Man-in-the-Middle permite tanto la escucha como la inyección de paquetes, lo que permite la creación de nuevos usuarios con privilegios completos, además de capturar la información sensible.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 9.3 | 8.6 | 10.0 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| 3.0 | Primary | NVD | 8.1 | 2.2 | 5.9 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |