QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2013-5754

Back to search

CVE-2013-5754

Published: Sep 17, 2013

Modified: Sep 16, 2024

PUBLISHED

Description

The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.

VendorProductVersions

n/a

n/a

affected
n/a

References

VU#800094
third-party-advisory
x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now