CVE-2017-7925 PoC — 多款大华产品安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-7925.yaml

Associated Vulnerability

Title:多款大华产品安全漏洞 (CVE-2017-7925)
Description:大华DH-IPC-HDBW23A0RN-ZS等都是中国大华（DaHua）公司的摄像头产品。多款大华产品中存在安全漏洞。攻击者可利用该漏洞获取敏感信息的访问权限。以下产品受到影响：大华DH-IPC-HDBW23A0RN-ZS；DH-IPC-HDBW13A0SN；DH-IPC-HDW1XXX；DH-IPC-HDW2XXX；DH-IPC-HDW4XXX；DH-IPC-HFW1XXX；DH-IPC-HFW2XXX；DH-IPC-HFW4XXX；DH-SD6CXX；DH-NVR1XXX；DH-HCVR4XXX；D

Description

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.

File Snapshot


 id: CVE-2017-7925

info:
  name: Dahua Security - Configuration File Disclosure
  author: E1A,none
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!