How severe is CVE-2017-7253?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-7253?

This is classified as CWE-922, which is a common weakness in software security.

CVE-2017-7253 - HIGH Severity | CVSS 8.8

Vulnerability Description

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege credentials to list all users via a request to a certain URI. 2. Login to the IP camera with admin credentials so as to obtain full control of the target IP camera. During exploitation, the first JSON object encountered has a "Component error: login challenge!" message. The second JSON object encountered has a result indicating a successful admin login.

Related Vulnerabilities

CVE-2023-42913

HIGH

CVSS:8.8(High)

This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.2. Remote Login sessions may be able to obtain full disk access permissions.

CWE-9222023

CVE-2022-0724

CRITICAL

CVSS:9.1(Critical)

Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3.

CWE-9222022

CVE-2024-10943

CRITICAL

CVSS:9.1(Critical)

An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat...

CWE-9222024

CVE-2024-30896

CRITICAL

CVSS:9.1(Critical)

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default orga...

CWE-9222024

CVE-2024-3501

CRITICAL

CVSS:9.1(Critical)

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/use...

CWE-9222024

CVE-2024-3502

CRITICAL

CVSS:9.1(Critical)

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This iss...

CWE-9222024