CVE-2013-3612

Exp

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which makes it easier for remote attackers to obtain administrative access via authorization requests involving (a) ActiveX, (b) a standalone client, or (c) unknown other vectors.

Published: 2013-09-17 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2013-3612 is rated High Exploit Risk (90.2/100): CVSS Critical severity, with high exploitation likelihood (EPSS 12.09%, 94th percentile). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +2.39% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2013-3612

EDB-ID Source Kind Published Link
29673 exploit_db edb 2013-11-18 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2013-3612

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-03-23 9.70% 12.09% +2.39%
2 2026-03-21 9.23% 9.70% +0.47%
3 2025-09-23 9.23%

Full EPSS history (14 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-3612

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2013-3612

Affected software / configurations for CVE-2013-3612

Vendor Product Version Raw CPE
dahuasecurity dvr0404hd-a cpe:2.3:h:dahuasecurity:dvr0404hd-a:-:*:*:*:*:*:*:*
dahuasecurity dvr0404hd-l cpe:2.3:h:dahuasecurity:dvr0404hd-l:-:*:*:*:*:*:*:*
dahuasecurity dvr0404hd-s cpe:2.3:h:dahuasecurity:dvr0404hd-s:-:*:*:*:*:*:*:*
dahuasecurity dvr0404hd-u cpe:2.3:h:dahuasecurity:dvr0404hd-u:-:*:*:*:*:*:*:*
dahuasecurity dvr0404hf-a-e cpe:2.3:h:dahuasecurity:dvr0404hf-a-e:-:*:*:*:*:*:*:*
dahuasecurity dvr0404hf-al-e cpe:2.3:h:dahuasecurity:dvr0404hf-al-e:-:*:*:*:*:*:*:*
dahuasecurity dvr0404hf-s-e cpe:2.3:h:dahuasecurity:dvr0404hf-s-e:-:*:*:*:*:*:*:*
dahuasecurity dvr0404hf-u-e cpe:2.3:h:dahuasecurity:dvr0404hf-u-e:-:*:*:*:*:*:*:*
dahuasecurity dvr0804 cpe:2.3:h:dahuasecurity:dvr0804:-:*:*:*:*:*:*:*
dahuasecurity dvr0804hd-l cpe:2.3:h:dahuasecurity:dvr0804hd-l:-:*:*:*:*:*:*:*
dahuasecurity dvr0804hd-s cpe:2.3:h:dahuasecurity:dvr0804hd-s:-:*:*:*:*:*:*:*
dahuasecurity dvr0804hf-a-e cpe:2.3:h:dahuasecurity:dvr0804hf-a-e:-:*:*:*:*:*:*:*
dahuasecurity dvr0804hf-al-e cpe:2.3:h:dahuasecurity:dvr0804hf-al-e:-:*:*:*:*:*:*:*
dahuasecurity dvr0804hf-l-e cpe:2.3:h:dahuasecurity:dvr0804hf-l-e:-:*:*:*:*:*:*:*
dahuasecurity dvr0804hf-s-e cpe:2.3:h:dahuasecurity:dvr0804hf-s-e:-:*:*:*:*:*:*:*
dahuasecurity dvr0804hf-u-e cpe:2.3:h:dahuasecurity:dvr0804hf-u-e:-:*:*:*:*:*:*:*
dahuasecurity dvr1604hd-l cpe:2.3:h:dahuasecurity:dvr1604hd-l:-:*:*:*:*:*:*:*
dahuasecurity dvr1604hd-s cpe:2.3:h:dahuasecurity:dvr1604hd-s:-:*:*:*:*:*:*:*
dahuasecurity dvr1604hf-a-e cpe:2.3:h:dahuasecurity:dvr1604hf-a-e:-:*:*:*:*:*:*:*
dahuasecurity dvr1604hf-al-e cpe:2.3:h:dahuasecurity:dvr1604hf-al-e:-:*:*:*:*:*:*:*
dahuasecurity dvr1604hf-l-e cpe:2.3:h:dahuasecurity:dvr1604hf-l-e:-:*:*:*:*:*:*:*
dahuasecurity dvr1604hf-s-e cpe:2.3:h:dahuasecurity:dvr1604hf-s-e:-:*:*:*:*:*:*:*
dahuasecurity dvr1604hf-u-e cpe:2.3:h:dahuasecurity:dvr1604hf-u-e:-:*:*:*:*:*:*:*
dahuasecurity dvr2104c cpe:2.3:h:dahuasecurity:dvr2104c:-:*:*:*:*:*:*:*
dahuasecurity dvr2104h cpe:2.3:h:dahuasecurity:dvr2104h:-:*:*:*:*:*:*:*
dahuasecurity dvr2104hc cpe:2.3:h:dahuasecurity:dvr2104hc:-:*:*:*:*:*:*:*
dahuasecurity dvr2104he cpe:2.3:h:dahuasecurity:dvr2104he:-:*:*:*:*:*:*:*
dahuasecurity dvr2108c cpe:2.3:h:dahuasecurity:dvr2108c:-:*:*:*:*:*:*:*
dahuasecurity dvr2108h cpe:2.3:h:dahuasecurity:dvr2108h:-:*:*:*:*:*:*:*
dahuasecurity dvr2108hc cpe:2.3:h:dahuasecurity:dvr2108hc:-:*:*:*:*:*:*:*
dahuasecurity dvr2108he cpe:2.3:h:dahuasecurity:dvr2108he:-:*:*:*:*:*:*:*
dahuasecurity dvr2116c cpe:2.3:h:dahuasecurity:dvr2116c:-:*:*:*:*:*:*:*
dahuasecurity dvr2116h cpe:2.3:h:dahuasecurity:dvr2116h:-:*:*:*:*:*:*:*
dahuasecurity dvr2116hc cpe:2.3:h:dahuasecurity:dvr2116hc:-:*:*:*:*:*:*:*
dahuasecurity dvr2116he cpe:2.3:h:dahuasecurity:dvr2116he:-:*:*:*:*:*:*:*
dahuasecurity dvr2404hf-s cpe:2.3:h:dahuasecurity:dvr2404hf-s:-:*:*:*:*:*:*:*
dahuasecurity dvr2404lf-al cpe:2.3:h:dahuasecurity:dvr2404lf-al:-:*:*:*:*:*:*:*
dahuasecurity dvr2404lf-s cpe:2.3:h:dahuasecurity:dvr2404lf-s:-:*:*:*:*:*:*:*
dahuasecurity dvr3204hf-s cpe:2.3:h:dahuasecurity:dvr3204hf-s:-:*:*:*:*:*:*:*
dahuasecurity dvr3204lf-al cpe:2.3:h:dahuasecurity:dvr3204lf-al:-:*:*:*:*:*:*:*
dahuasecurity dvr3204lf-s cpe:2.3:h:dahuasecurity:dvr3204lf-s:-:*:*:*:*:*:*:*
dahuasecurity dvr3224l cpe:2.3:h:dahuasecurity:dvr3224l:-:*:*:*:*:*:*:*
dahuasecurity dvr3232l cpe:2.3:h:dahuasecurity:dvr3232l:-:*:*:*:*:*:*:*
dahuasecurity dvr5104c cpe:2.3:h:dahuasecurity:dvr5104c:-:*:*:*:*:*:*:*
dahuasecurity dvr5104h cpe:2.3:h:dahuasecurity:dvr5104h:-:*:*:*:*:*:*:*
dahuasecurity dvr5104he cpe:2.3:h:dahuasecurity:dvr5104he:-:*:*:*:*:*:*:*
dahuasecurity dvr5108c cpe:2.3:h:dahuasecurity:dvr5108c:-:*:*:*:*:*:*:*
dahuasecurity dvr5108h cpe:2.3:h:dahuasecurity:dvr5108h:-:*:*:*:*:*:*:*
dahuasecurity dvr5108he cpe:2.3:h:dahuasecurity:dvr5108he:-:*:*:*:*:*:*:*
dahuasecurity dvr5116c cpe:2.3:h:dahuasecurity:dvr5116c:-:*:*:*:*:*:*:*
dahuasecurity dvr5116h cpe:2.3:h:dahuasecurity:dvr5116h:-:*:*:*:*:*:*:*
dahuasecurity dvr5116he cpe:2.3:h:dahuasecurity:dvr5116he:-:*:*:*:*:*:*:*
dahuasecurity dvr5204a cpe:2.3:h:dahuasecurity:dvr5204a:-:*:*:*:*:*:*:*
dahuasecurity dvr5204l cpe:2.3:h:dahuasecurity:dvr5204l:-:*:*:*:*:*:*:*
dahuasecurity dvr5208a cpe:2.3:h:dahuasecurity:dvr5208a:-:*:*:*:*:*:*:*
dahuasecurity dvr5208l cpe:2.3:h:dahuasecurity:dvr5208l:-:*:*:*:*:*:*:*
dahuasecurity dvr5216a cpe:2.3:h:dahuasecurity:dvr5216a:-:*:*:*:*:*:*:*
dahuasecurity dvr5216l cpe:2.3:h:dahuasecurity:dvr5216l:-:*:*:*:*:*:*:*
dahuasecurity dvr5404 cpe:2.3:h:dahuasecurity:dvr5404:-:*:*:*:*:*:*:*
dahuasecurity dvr5408 cpe:2.3:h:dahuasecurity:dvr5408:-:*:*:*:*:*:*:*
dahuasecurity dvr5416 cpe:2.3:h:dahuasecurity:dvr5416:-:*:*:*:*:*:*:*
dahuasecurity dvr5804 cpe:2.3:h:dahuasecurity:dvr5804:-:*:*:*:*:*:*:*
dahuasecurity dvr5808 cpe:2.3:h:dahuasecurity:dvr5808:-:*:*:*:*:*:*:*
dahuasecurity dvr5816 cpe:2.3:h:dahuasecurity:dvr5816:-:*:*:*:*:*:*:*
dahuasecurity dvr6404lf-s cpe:2.3:h:dahuasecurity:dvr6404lf-s:-:*:*:*:*:*:*:*

References for CVE-2013-3612

URL Tags
http://www.kb.cert.org/vuls/id/800094 US Government Resource
cvelogic Threat Intelligence