Privilege Escalation Vulnerability Was Found In Some Dahua Devices

Date: 18/03/2018

Security Notification – Privilege escalation vulnerability was found in some Dahua devices.
Notification ID: DHCC-SA-201803-001
First Published: March 18, 2018

CVE ID: CVE-2017-9317

Summary:
A privilege escalation vulnerability was found in some Dahua IP devices. An attacker in possession of a low-privilege account can gain access to the credential information of a high-privilege account and then obtain device information or attack the device.

Please follow the table below to identify if your device may have been affected:

Affected Devices        Firmware Version

XVR5104C, XVR5104HS     DH_XVR5x04_Eng_P_V3.218.0000001.2.R.170808
                        DH_XVR5x04_Eng_P_V3.210.0001.11.R.20170525
                        DH_XVR5x04_Eng_P_V3.210.0001.8.R.20170307
                        DH_XVR5x04_Eng_P_V3.210.0001.7.R.20170218
                        DH_XVR5x04_Eng_P_V3.210.0001.3.R.20160914

XVR5108C, XVR5108HS     DH_XVR5x08_Eng_P_V3.218.0000001.2.R.170808
                        DH_XVR5x08_Eng_P_V3.210.0001.11.R.20170525
                        DH_XVR5x08_Eng_P_V3.210.0001.8.R.20170307
                        DH_XVR5x08_Eng_P_V3.210.0001.7.R.20170218
                        DH_XVR5x08_Eng_P_V3.210.0001.3.R.20160914

XVR5216A, XVR5416L      DH_XVR5x16_Eng_P_V3.218.0000001.2.R.170808
                        DH_XVR5x16_Eng_P_V3.210.0001.11.R.20170525
                        DH_XVR5x16_Eng_P_V3.210.0001.8.R.20170307
                        DH_XVR5x16_Eng_P_V3.210.0001.7.R.20170218
                        DH_XVR5x16_Eng_P_V3.210.0001.3.R.20160914

XVR7416L                DH_XVR7x16_Eng_P_V3.218.0000001.2.R.170808
                        DH_XVR7x16_Eng_P_V3.210.0001.11.R.20170525
                        DH_XVR7x16_Eng_P_V3.210.0001.8.R.20170307
                        DH_XVR7x16_Eng_P_V3.210.0001.7.R.20170218
                        DH_XVR7x16_Eng_P_V3.210.0001.3.R.20160914



If your device is vulnerable:

We recommend upgrading your device to the latest firmware.