CVE-2013-3615

7.8

HIGH

Dahua DVR Password Hash Vulnerability

Description

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack.

INFO

Published Date :

Sept. 17, 2013, 12:04 p.m.

Last Modified :

Sept. 17, 2013, 6:37 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

6.9

Exploitability Score :

10.0

Affected Products

The following products are affected by CVE-2013-3615 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Dahuasecurity	dvr0404hd-a
2	Dahuasecurity	dvr0404hd-l
3	Dahuasecurity	dvr0404hd-s
4	Dahuasecurity	dvr0404hd-u
5	Dahuasecurity	dvr0404hf-a-e
6	Dahuasecurity	dvr0404hf-al-e
7	Dahuasecurity	dvr0404hf-s-e
8	Dahuasecurity	dvr0404hf-u-e
9	Dahuasecurity	dvr0804
10	Dahuasecurity	dvr0804hd-l
11	Dahuasecurity	dvr0804hd-s
12	Dahuasecurity	dvr0804hf-a-e
13	Dahuasecurity	dvr0804hf-al-e
14	Dahuasecurity	dvr0804hf-l-e
15	Dahuasecurity	dvr0804hf-s-e
16	Dahuasecurity	dvr0804hf-u-e
17	Dahuasecurity	dvr1604hd-l
18	Dahuasecurity	dvr1604hd-s
19	Dahuasecurity	dvr1604hf-a-e
20	Dahuasecurity	dvr1604hf-al-e
21	Dahuasecurity	dvr1604hf-l-e
22	Dahuasecurity	dvr1604hf-s-e
23	Dahuasecurity	dvr1604hf-u-e
24	Dahuasecurity	dvr2104c
25	Dahuasecurity	dvr2104h
26	Dahuasecurity	dvr2104hc
27	Dahuasecurity	dvr2104he
28	Dahuasecurity	dvr2108c
29	Dahuasecurity	dvr2108h
30	Dahuasecurity	dvr2108hc
31	Dahuasecurity	dvr2108he
32	Dahuasecurity	dvr2116c
33	Dahuasecurity	dvr2116h
34	Dahuasecurity	dvr2116hc
35	Dahuasecurity	dvr2116he
36	Dahuasecurity	dvr2404hf-s
37	Dahuasecurity	dvr2404lf-al
38	Dahuasecurity	dvr2404lf-s
39	Dahuasecurity	dvr3204hf-s
40	Dahuasecurity	dvr3204lf-al
41	Dahuasecurity	dvr3204lf-s
42	Dahuasecurity	dvr3224l
43	Dahuasecurity	dvr3232l
44	Dahuasecurity	dvr5104c
45	Dahuasecurity	dvr5104h
46	Dahuasecurity	dvr5104he
47	Dahuasecurity	dvr5108c
48	Dahuasecurity	dvr5108h
49	Dahuasecurity	dvr5108he
50	Dahuasecurity	dvr5116c
51	Dahuasecurity	dvr5116h
52	Dahuasecurity	dvr5116he
53	Dahuasecurity	dvr5204a
54	Dahuasecurity	dvr5204l
55	Dahuasecurity	dvr5208a
56	Dahuasecurity	dvr5208l
57	Dahuasecurity	dvr5216a
58	Dahuasecurity	dvr5216l
59	Dahuasecurity	dvr5404
60	Dahuasecurity	dvr5408
61	Dahuasecurity	dvr5416
62	Dahuasecurity	dvr5804
63	Dahuasecurity	dvr5808
64	Dahuasecurity	dvr5816
65	Dahuasecurity	dvr6404lf-s

: Total Affected Vendor : 1 | Products : 65

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2013-3615.

URL	Resource
http://www.kb.cert.org/vuls/id/800094	US Government Resource

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2013-3615 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2013-3615 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value
Initial Analysis by [email protected]

Sep. 17, 2013

Action Type Old Value New Value

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2013-3615 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2013-3615 weaknesses.

CVE-2013-3615

Dahua DVR Password Hash Vulnerability

Description

INFO

Sept. 17, 2013, 12:04 p.m.

Sept. 17, 2013, 6:37 p.m.

[email protected]

Yes !

6.9

10.0

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.21 }} 0.02%

0.58860

CVSS2 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable