Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.

Alert Message

SERVER-WEBAPP Dahua DVR user group information query attempt

Rule Explanation

This event is generated when a Dahua DVR, or potentially another DVR leveraging the same binary protocol, is being sent a request to query the user group information of the camera. At this time, requests sent over this protocol are unauthenticated.

Impact: Attempted Information Leak

Details: An attacker sends a command to the vulnerable DVR and since the request is unauthenticated, the DVR executes the request. In this case the request is to query the user group information which will return group names and description.

The rule looks for the following:

0xA6000000 -> Command dword
0x00000000 -> Null dword
0x05000000 -> Specifier for command (denotes user group info)
Two dwords of nulls: 0x00000000 0x00000000

Ease of Attack: Simple and publicly available.
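
The five-dword pattern listed above, applied to captured payloads for triage. This is an added example, not the Snort rule itself or Cisco Talos code. It assumes the dwords are written in wire byte order and that the pattern starts at offset 0 of the TCP payload; the `classify` and `scan` names, the result labels and the sample records are all constructed for illustration.

```python
# Field values as listed in the rule explanation.
# Assumption: the dwords are written in the order the bytes appear on the wire.
COMMAND = bytes.fromhex("a6000000")          # command dword
NULL_DWORD = bytes.fromhex("00000000")       # null dword
USER_GROUP_SPEC = bytes.fromhex("05000000")  # specifier: user group info
PATTERN = COMMAND + NULL_DWORD + USER_GROUP_SPEC + NULL_DWORD * 2


def classify(payload: bytes) -> str:
    """Classify one TCP payload against the five-dword pattern.

    Assumption: the pattern sits at the start of the payload.
    """
    if len(payload) < len(PATTERN):
        return "too-short"
    d = [payload[i:i + 4] for i in range(0, len(PATTERN), 4)]
    if d[0] != COMMAND:
        return "other-command"
    if d[1] != NULL_DWORD or d[3] != NULL_DWORD or d[4] != NULL_DWORD:
        return "a6-malformed"
    if d[2] != USER_GROUP_SPEC:
        # Same command dword, but a specifier other than user group info.
        return "a6-other-specifier"
    return "user-group-query"


def scan(records):
    """Return (src, dst) pairs whose payload matches the full pattern."""
    hits = []
    for src, dst, hex_payload in records:
        if classify(bytes.fromhex(hex_payload)) == "user-group-query":
            hits.append((src, dst))
    return hits


# Constructed sample records (source, destination, payload hex); not real traffic.
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", PATTERN.hex() + "00" * 12),
    ("192.0.2.10", "198.51.100.5", "a6000000" "00000000" "01000000" + "00" * 8),
    ("192.0.2.11", "198.51.100.5", "474554202f20485454502f312e310d0a" + "00" * 4),
    ("192.0.2.12", "198.51.100.5", "a6000000"),
]

if __name__ == "__main__":
    for src, dst, hx in SAMPLE:
        print(src, "->", dst, classify(bytes.fromhex(hx)))
    print("alerts:", scan(SAMPLE))
```

Separating `a6-other-specifier` from a full match lets an analyst see other unauthenticated queries using the same command dword from the same source without counting them as this alert.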

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2013-3615
CVE-2013-6117