CVE-2013-5754
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
17/09/2013
Last modified:
11/04/2025
Description
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page