What is CVE-2013-6117?

CVE-2013-6117 is a vulnerability in Dahuasecurity Dvr_firmware, classified under Improper Authentication. Published 2014-07-11.

Is CVE-2013-6117 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Dahuasecurity Dvr_firmware

CVE-2013-6117

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP po…

Vulnerability class: Broken Authentication

EPSS: 0.900 (99.6th percentile) — read the EPSS interpretation.

Affected products

Dahuasecurity Dvr_firmware — versions 2.608.0000.0, 2.608.gv00.0
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

References

20131113 Dahua DVR Authentication Bypass - CVE-2013-6117 (mailing-list, x_refsource_BUGTRAQ)
99783 (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (x_refsource_MISC)
29673 (exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2013-6117?: CVE-2013-6117 is a vulnerability in Dahuasecurity Dvr_firmware, classified under Improper Authentication. Published 2014-07-11.
Is CVE-2013-6117 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.