CVE-2017-6342 – This vulnerability allows attackers to bypass a... (How to Fix)

Q: What is the severity of CVE-2017-6342?

CVE-2017-6342 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to bypass authentication in Dahua SmartPSS software by automatically logging in as admin when the software is launched. This affects users of specific Dahua NVR devices and SmartPSS software versions, enabling unauthorized access to sensitive information without requiring password knowledge.

📋 TL;DR

This vulnerability allows attackers to bypass authentication in Dahua SmartPSS software by automatically logging in as admin when the software is launched. This affects users of specific Dahua NVR devices and SmartPSS software versions, enabling unauthorized access to sensitive information without requiring password knowledge.

💻 Affected Systems

Products:

Dahua DHI-HCVR7216A-S3 NVR
Dahua SmartPSS Software

Versions: NVR Firmware 3.210.0001.10 (2016-06-06), Camera Firmware 2.400.0000.28.R (2016-03-29), SmartPSS Software 1.16.1 (2017-01-19)

Operating Systems: Windows (for SmartPSS)

Default Config Vulnerable: ⚠️ Yes

Notes: Requires SmartPSS software to be installed and launched. The vulnerability is triggered during the login screen display.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of surveillance systems, unauthorized access to live camera feeds, configuration tampering, and potential access to other connected systems.

🟠

Likely Case

Unauthorized viewing of surveillance footage, access to sensitive camera configurations, and potential credential harvesting from the system.

🟢

If Mitigated

Limited to isolated network segments with no sensitive data exposure.

🌐 Internet-Facing: HIGH - If SmartPSS is exposed to the internet, attackers can easily gain admin access without authentication.

🏢 Internal Only: HIGH - Even internally, any user with network access to the SmartPSS software can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires network access to the SmartPSS software and involves sniffing network traffic during the automatic login process.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SmartPSS versions after 1.16.1

Vendor Advisory: Not publicly documented by Dahua

Restart Required: Yes

Instructions:

1. Update SmartPSS software to latest version. 2. Update NVR firmware to latest version. 3. Update camera firmware to latest version. 4. Restart all affected systems.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Dahua systems from untrusted networks

Disable SmartPSS

windows

Remove or disable SmartPSS software if not required

🧯 If You Can't Patch

Segment Dahua devices on isolated VLAN with strict firewall rules
Monitor network traffic for unauthorized access attempts to SmartPSS

🔍 How to Verify

Check if Vulnerable:

Check SmartPSS version (Help > About). If version is 1.16.1 or earlier, the system is vulnerable. Monitor network traffic during SmartPSS launch for automatic admin login.

Check Version:

In SmartPSS: Help > About

Verify Fix Applied:

After updating, verify SmartPSS version is newer than 1.16.1. Test that automatic admin login no longer occurs during launch.

📡 Detection & Monitoring

Log Indicators:

Unauthorized login attempts
Multiple admin sessions from unusual IPs
SmartPSS launch events

Network Indicators:

Traffic to SmartPSS default ports (37777, 37778)
Admin authentication without password entry

SIEM Query:

source="network_traffic" dest_port=37777 OR dest_port=37778 AND (event="authentication" AND user="admin" AND password="")

📊 Metadata

CVE ID: CVE-2017-6342

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

Published: February 27, 2017

Last Updated: April 20, 2025

🔗 References

http://www.securityfocus.com/bid/96454 Third Party Advisory,VDB Entry
https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html Third Party Advisory
http://www.securityfocus.com/bid/96454 Third Party Advisory,VDB Entry
https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-6342, you might also want to check these: