Back to KEVs

CVE-2017-7927

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN,...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 18, 2017
Published Date
May 06, 2017
Last Updated
August 05, 2024
Vendor
Dahua
Product
Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras
Description
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.

CVSS Scores

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

Score
1.74% (Percentile: 81.55%) as of 2025-05-25

Exploit Status

Exploited in the Wild
Yes (2025-05-03 00:00:00 UTC) Source

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02 http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php http://www.securityfocus.com/bid/98312

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-04-27 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel