漏洞描述
Dahua Security DVRAppliances利用瘦客户端如PSS,移动客户端接口如iDMSS和ActiveX控件"webrec.cab"进行访问。这些客户端与管理服务(TCP37777)进行通信。其中服务器没有正确校验ActiveX控件所提交的命令,允许攻击者利用漏洞绕过验证进行授权操作,获取敏感信息,更改用户密码等。
Dahua Security DVR Appliances验证绕过漏洞(CVE-2013-6117)
PoC代码
暂无相关漏洞推荐
- Ksenia Security Lares 4.0 Home Automation 安全漏洞
- ZKTeco ZKBio CVSecurity /app/v1/photoBase64 目录遍历漏洞(CVE-2024-35431)
- POC weak-csp-detect: Weak Content Security Policy - Detect
- POC wp-security-hidden-login-exposure: WordPress All-in-One Security <=4.4.1 - Hidden Login Page Exposure
- POC CVE-2021-41419: QVIS NVR/DVR - Remote Code Execution
- Cisco Secure Firewall Adaptive Security Appliance 缓冲区溢出漏洞
- Vmware Spring Security 逻辑缺陷漏洞
- Exrick Xboot Swagger SecurityController.java服务器端请求伪造(CVE-2025-8527)
- POC CVE-2019-14287: Sudo <= 1.8.27 - Security Bypass
- POC CVE-2014-6308: Osclass Security Advisory 3.4.1 - Local File Inclusion
- POC CVE-2016-4977: Spring Security OAuth2 Remote Command Execution
- POC CVE-2017-7925: Dahua Security - Configuration File Disclosure
- POC CVE-2018-15745: Argus Surveillance DVR 4.0.0.0 - Local File Inclusion