These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2017-6343 is a high-severity authentication weakness in the web interface of affected Dahua DHI-HCVR7216A-S3 devices and related firmware/software. According to NVD, a remote attacker who knows the MD5 Admin Hash may obtain login access without knowing the password. The issue is classified as CWE-287 and is distinct from CVE-2013-6117.
CVE-2017-6342 was published on 2017-02-27 and remains listed by NVD as a critical authentication/privilege issue affecting Dahua DHI-HCVR7216A-S3-related firmware and SmartPSS 1.16.1. According to the CVE description, when SmartPSS is launched and still on the login screen, the software in the background automatically logs in as admin. That behavior can expose sensitive information, including the data ide [truncated]
CVE-2017-6341 describes a cleartext credential exposure issue in several Dahua products. According to the NVD record, affected versions include DHI-HCVR7216A-S3 NVR firmware 3.210.0001.10, camera firmware 2.400.0000.28.R, and SmartPSS 1.16.1. The issue affects responses from the Web Page, Mobile Application, and Desktop Application interfaces, allowing an attacker with suitable network access to recover s [truncated]