Dahua NVR - Auth Bypass - CVE-2017-6432
Disclosure Timeline
- 2017-02-24: Vulnerability Discovered
- 2017-03-02: Proof of Concept Written
- 2017-03-02: Dahua Contacted with plan to disclose on March 9th unless they wished otherwise.
- 2017-03-07: Dahua Responded with timeline to fix CVE-2017-6341, CVE-2017-6342, CVE-2017-6343
- 2017-03-07: Requested response for this: CVE-2017-6432 again.
- 2017-03-11: Content redacted and kept private at request of Dahua until all issues are resolved