Subscriber Discussion

I Would Like To Issue A Warning...

bashis mcw
Feb 15, 2020

I have found some weaknesses / vulnerabilities in Dahua and OEM cloud solutions, and I would like to kindly issue a few warnings for people here at IPVM.

1. If you actively use Dahua and/or their OEM cloud solutions, you are at great risk of having your credentials compromised due to one serious vulnerability. (For which I will do Full Disclosure on May 9, 2020 19:00 UTC)

*. ** *** ***'* *** ***** and/or ***** *** ***** *********, *** are ** **** ****, *** *** should ********** ******* ** ** ********* (it ** ******* *** ********* ** default), ** ****** *** ***** *** to *******, *** ******* ** **** devices - ********** **** *** **** set ** **** ********/****** ** ******* UPNP/DNS. (** **** *** ***% ************ from ********, ***** ** ******* ****)

* ** **** ******** ******* *** and **** ** *********** ***** ******.

/******

(11)
John Honovich
Feb 15, 2020
IPVM

*** ***** ***** **** ***? **** your *********** * ** ******** *** yet?

bashis mcw
Feb 15, 2020

**, **** *** ***** ********* ** details *** ***. *** * ****** to **** ** ***** *****-**, ** I ***'* ***** **** ** **** know ** ** *** *** *****.

(1)
John Honovich
Feb 15, 2020
IPVM

**, *** ** *** ***** ****** know? *** *** ***** **** *** have **** ** *******?

bashis mcw
Feb 15, 2020

* ***'* **** ** ***** *** much ** **** ******, * **** to **** ***** **** ** *** the ***** *** ********** *** *****. But **'* **** ***, ** ********** to ** **** **** ** **** when * ***** ***** ** "********** 2 *** ********** *", **** *** been ***** ** "********** *".

John Honovich
Feb 15, 2020
IPVM

* *** *** **** ********* *******, I ***** ***** ****** *******. **** you **** *********** **** ****** *** exploiting ****?

bashis mcw
Feb 15, 2020

********, * **** *** **** ** heard *** *********** ** ****.

Eddie Perry
Feb 15, 2020

***** ** **** ** ********* *****, like *********** *** ******* ** **** point **** *** ***** ******* ** devices ********** ** *** ***** *******....

**** ***** **** **** ** **** auto ********* ***** ** ********* *** exposed ** **** *** ********* ** the ********.

* *** *** ** *** *** style **** ****** ***** *** ************ a ****** ** *** ***** ***** before ***** *** *****

***** **** **** ******, **** **** pressing ******* ** ****** ** ** china ***** ***.....

(1)
John Honovich
Feb 15, 2020
IPVM

***** **** **** ******, **** **** pressing ******* ** ****** ** ** china ***** ***.....

* *** **** **** *** ** the **** **** ** ***. *** fact **** ****** *** ****** **** warning **** **** **** ***** ********* to *******.

(3)
John Honovich
Feb 29, 2020
IPVM

**'* **** ****** * *****, * just ***** ***** *** ** ****** and **** **** ** / **** I *******.

Undisclosed Integrator #2
Feb 29, 2020

*** **** ********* *** *** ********** in * ******* ****** *** ********* the *******... ** *** ** ***** revealing...

** *** ****** ** *** ** day ********** ****** * **** ******* from ******* ****.

***** ***************...

*. ******* ** *** *** *** VPN **** **** ****** ****** ** the *** **** ******* *** ******* and *** *** ******** ******* ** cameras.

*. ********** ***** **** (******** ******** to ** ‘** **** *** ****’) note **** **** ****** *** ***** you ** **** ** *** *** IT ***** *****!

*. ****** **** ****** *********

*. ***’* *** ************ **** - use * ***** ***** *******

*. *** * ********* ******* *** that ******* **** *** ********* *** which **** ****** *** ****** *** attack ******* ****** * ********** ** focussed ******* ****** **** ************(*)

*. ***** ********* *** *** ****** immune

(1)
(2)
bashis mcw
Feb 29, 2020

* ***** ** *** ******!

****** ******** ******* (**** **** ***** VPN ** ****** ******), ******** *** in *** ******** ******* ******* ** VPN ****** ** **.

Undisclosed Integrator #2
Feb 29, 2020

********** *****!

***** ***** ** **********...

** *** ** *** **** *** skill ** ****** * ***, ****** someone ** ** ** *** *** or *** * ********* ********** ******** VPN ******** **** ** *** *** Router (********* ** *** ** - not **** ***** ******** ****)

Undisclosed
Mar 12, 2020

"********** ** *** **** ******** ** set" ** * ***** ******** *********. If * ***** ******* ******* **** shouldn't ** ********, ** * **** to ***** *** ******* **** ** cameras **/**** *** ****** ********, ***.

** *** **** ******** ******* ** ports **** * ***** *** ** being * *******.

bashis mcw
Mar 13, 2020

**** *** **** ***** ***** ****?

*******, **** ******** ******* ***** ** #2 *********. *.*: (** **** *** 100% ************ **** ********, ***** ** minimal ****)

Undisclosed
Mar 13, 2020

**** (*** **********) ** * *** solution ****'* *** **** * *****. Your #* **** ***-*** ** **, which ***** *****. **** ********* *** quite *********** *** ******* ***** ** no ******** ** ********* **** *** block *** *******.

Undisclosed Integrator #3
Mar 12, 2020

** **** *****, *’* ******* ** and **** ***** ** ** *** a ****. ***** ******* *** ****** the ***** ****** ******** *************

***** ********* ******* *********** *****-**, ****** says

(3)
(1)
(1)
Undisclosed Integrator #4
Mar 13, 2020

* **** **'* *********** ** **** on ***** (*** *********), *** ***** in *******, *** ** ******* **** a ******* ****** ** ******** ******* of ***** **********'* *******/********* ** ****** absurd.

(3)
(1)
Undisclosed End User #5
Mar 13, 2020

* ******* "**********" *** ********** **** Dahua (*** *********)?

(1)
(1)
(1)
bashis mcw
Mar 13, 2020

*** **** "*****" (.***) [.**] ?

(3)
Undisclosed Integrator #4
Mar 13, 2020

**, ****'* ********.***.**.

(1)
(1)
Undisclosed Integrator #4
Mar 13, 2020

* ******* "**********" *** ********** **** Dahua (*** *********)?

****, ***'** *****. *'* **** ** was ******* ** ***** **** ******* the ******* ****** ******* ** ***** up ***********.


(1)
bashis mcw
Mar 13, 2020

* ** *** ***** ** **** you ******* ** ** **, *** I ** ***** ** *** ****.

(1)
John Honovich
May 10, 2020
IPVM

******:****** ********* *** *** *********. **** his ****** ***:

*. ***** ***/**** (******) ************** ************** and ***

*. *************: ***** ****** ******* *********** (first * *****) **** *** ******* in ***** ******* **** ***** ***** and ***** ********

*. ***: ***** ****** ***/***** ***** listener ** ******* ********* *********** ** clear ****

*. *************: ***** ***** ***** ******** credentials *******

*. *************: ********* ***** ***** ****/********* for ** ********* *********

*. ***: ****** ** ******* ****** DHP2P *****. *** **** **** *** Dahua ****

*******, ****** ***** ******** **** / relabellers ********* *******, ******* *** *********:

IPVM Image

** *** ********* * **** ** this.

(3)
Undisclosed Integrator #6
May 10, 2020

****** '**********' ******* ********* ** * preshared *** ******* **** ** *********** oversight (***** *** *** ***** ***** described).

(2)
John Honovich
May 11, 2020
IPVM

****** *** ******** **** ***, ********* section:

IPVM Image

** ***** * ********* *** ****** in **** **** ** ***********? * thought ** *** **** *** **** networks *** ********** ***** ******* **** this, ** * ******* *********?
