CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
91.2%
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.
Vendor | Product | Version | CPE |
---|---|---|---|
dahuasecurity | dh-ipc-hdbw23a0rn-zs_firmware | - | cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdbw23a0rn-zs | - | cpe:2.3:h:dahuasecurity:dh-ipc-hdbw23a0rn-zs:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdbw13a0sn_firmware | - | cpe:2.3:o:dahuasecurity:dh-ipc-hdbw13a0sn_firmware:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdbw13a0sn | - | cpe:2.3:h:dahuasecurity:dh-ipc-hdbw13a0sn:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdw1xxx_firmware | - | cpe:2.3:o:dahuasecurity:dh-ipc-hdw1xxx_firmware:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdw1xxx | - | cpe:2.3:h:dahuasecurity:dh-ipc-hdw1xxx:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdw2xxx_firmware | - | cpe:2.3:o:dahuasecurity:dh-ipc-hdw2xxx_firmware:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdw2xxx | - | cpe:2.3:h:dahuasecurity:dh-ipc-hdw2xxx:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdw4xxx_firmware | - | cpe:2.3:o:dahuasecurity:dh-ipc-hdw4xxx_firmware:-:*:*:*:*:*:*:* |
dahuasecurity | dh-ipc-hdw4xxx | - | cpe:2.3:h:dahuasecurity:dh-ipc-hdw4xxx:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
91.2%