Security Advisory - High-Severity Vulnerability in Dahua IPC-HDW4300S and Some Other Products

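Advisory ID: DHCC-SA-201711-004

Initial release date: 2017-11-17

Update release date: 2018-04-18

Vulnerability description:

The Dahua IPC-HDW4300S and some other products contain a security vulnerability in the debug login authentication of the upgrade function. The vulnerability is caused by an internal debug function. This function is used for problem analysis and debugging during product development. It only accepts specific data, and it does not collect user private data or allow remote invocation.

Vulnerability ID:

CVE-2017-9316

Vulnerability score:

This vulnerability is scored using the CVSS v3 standard (http://www.first.org/cvss/specification-document)

CVE-2017-9316

Base score: 7.5 (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H)

Temporal score: 6.7 (E:P/RL:O/RC:C)

Affected products and fixes:

After a 24-hour emergency investigation, it has been preliminarily determined that Dahua products from after June 2017 do not have this vulnerability. The product models and versions affected by this vulnerability between July 2016 and June 2017, and the corresponding fixes, are listed in the table below.

Affected model

Affected version

Fix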

IPC-HDW4300S

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.240.0009.0.R.20131015

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.240.0009.0.R.20131015

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.400.0000.0.R.20131231

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.400.0000.0.R.20131231

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.420.0000.0.R.20140419

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.420.0000.0.R.20140419

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.420.0002.0.R.20140621

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.420.0002.0.R.20140621

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.420.0002.0.R.20140724

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.420.0002.0.R.20140724

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.420.0005.0.R.20141205

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.420.0005.0.R.20141205

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.420.0006.0.R.20150311

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.420.0006.0.R.20150311

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.420.0007.0.R.20150409

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.420.0007.0.R.20150409

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.420.0008.0.R.20150710

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.420.0008.0.R.20150710

DH_IPC-HX5(4)XXX-adreia_Eng_N_stream3_V2.420.0009.0.R.20151106

DH_IPC-HX5(4)XXX-adreia_Eng_P_stream3_V2.420.0009.0.R.20151106

 

NVR11HS

DH_NVR1100HS_Chn_P_V3.210.0000.5.R.20160803
DH_NVR11xxHS_Chn_V3.210.0000.5.R.20161226
DH_NVR11xxHS_Chn_V3.210.0000.5.R.20170305
DH_NVR11xxHS_Chn_V3.210.0000.5.R.20170321

DH_NVR11xxHS_Chn_V3.213.0000.0.R.20170516

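After investigation, it has been confirmed that some of the product models and versions affected by this vulnerability before July 2016, and the corresponding fixes, are listed in the table below.

Affected model

Affected version

Fix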

IPC-HFW4X00

IPC-HDW4X00

IPC-HDBW4X00

DH_IPC-HX4(2)X2X-Themis_Eng_P_Stream3_V2.400.0000.3.R.20150312

DH_IPC-HX4(2)X2X-Themis_Eng_N_Stream3_V2.400.0000.3.R.20150312

 

DH_IPC-HX5(4)XXX-Adreia_Eng_P_Stream3_V2.420.0006.0.R.20150311

DH_IPC-HX5(4)XXX-Adreia_Eng_N_Stream3_V2.420.0006.0.R.20150311

 

DH_IPC-HX4(2)X2X-Themis_Chn_P_Stream3_V2.400.0000.3.R.20150312

DH_IPC-HX5(4)XXX-Adreia_Chn_P_Stream3_V2.420.0006.0.R.20150311

DH_IPC-HX5(4)XXX-Adreia_Chn_P_Stream3_IVS_V2.420.0006.0.R.20150311

DH_IPC-HX4X2X-Themis_Eng_P_Stream3_V2.620.0000002.0.R.170830

DH_IPC-HX4X2X-Themis_EngSpn_N_Stream3_V2.620.0000002.0.R.170830

DH_IPC-HX5(4)XXX-Adreia_Eng_P_Stream3_V2.420.0009.0.R.20151106

DH_IPC-HX5(4)XXX-Adreia_Eng_N_Stream3_V2.420.0009.0.R.20151106

DH_IPC-HX4X2X-Themis_Chn_PN_Stream3_V2.620.0000002.0.R.170830

DH_IPC-HX5(4)XXX-Adreia_Chn_PN_Stream3_V2.420.0009.0.R.20151106

DH_IPC-HX5(4)XXX-Adreia_Chn_P_Stream3_IVS_V2.420.0009.0.R.20151106

IPC-HF5X00

IPC-HFW5X00

IPC-HDW5X00

IPC-HDBW5X00

DH_IPC-HX5X2X-Themis_Eng_P_Stream3_V2.400.0000.3.R.20150312

DH_IPC-HX5X2X-Themis_Eng_N_Stream3_V2.400.0000.3.R.20150312

DH_IPC-HX5(4)XXX-Adreia_Eng_P_Stream3_V2.420.0006.0.R.20150311

DH_IPC-HX5(4)XXX-Adreia_Eng_N_Stream3_V2.420.0006.0.R.20150311

DH_IPC-HX5X2X-Themis_Chn_P_Stream3_V2.400.0000.3.R.20150312

DH_IPC-HX5(4)XXX-Adreia_Chn_P_Stream3_V2.420.0006.0.R.20150311

DH_IPC-HX5(4)XXX-Adreia_Chn_P_Stream3_IVS_V2.420.0006.0.R.20150311

DH_IPC-HX5X2X-Themis_Eng_P_Stream3_V2.620.0000002.0.R.170830

DH_IPC-HX5X2X-Themis_EngSpn_N_Stream3_V2.620.0000002.0.R.170830

DH_IPC-HX5(4)XXX-Adreia_Eng_P_Stream3_V2.420.0009.0.R.20151106

DH_IPC-HX5(4)XXX-Adreia_Eng_N_Stream3_V2.420.0009.0.R.20151106

DH_IPC-HX5X2X-Themis_Chn_PN_Stream3_V2.620.0000002.0.R.170830

DH_IPC-HX5(4)XXX-Adreia_Chn_PN_Stream3_V2.420.0009.0.R.20151106

DH_IPC-HX5(4)XXX-Adreia_Chn_P_Stream3_IVS_V2.420.0009.0.R.20151106

NVR11HS

General_NVR11xxHS_Chn_P_V3.210.0000.0.R.20150206

DH_NVR11xxHS_Eng_NP_V3.210.0000.1.R.20150420

DH_NVR11xxHS_Eng_NP_V3.210.0000.2.R.20150715

DH_NVR11xxHS_Chn_P_V3.210.0000.3.R.20150921

DH_NVR11xxHS_Chn_P_V3.210.0000.5.R.20160409

DH_NVR11xxHS_Chn_P_V3.210.0000.5.R.20160603

DH_NVR11xxHS_Chn_V3.213.0000.0.R.20170516

DH_NVR11xxHS_Chn_V3.215.0000000.0.R.171013

DH_NVR11xxHS_Eng_V3.215.0000000.0.R.171013


 

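How to obtain the fixed versions:

Download and upgrade to the fix versions listed above or to a later version, or contact Dahua regional technical support to perform the upgrade.


Contact:

    Questions about Dahua products and solutions can be reported to us through the mailbox of the Dahua security emergency response center (DHCC): cybersecurity@dahuatech.com.

Revision history:

    2018-04-18 UPDATE Updated the affected products and fixes

    2017-11-17 INITIAL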