I have found some weaknesses / vulnerabilities in Dahua and OEM cloud solutions, and I would like to kindly issue a few warnings for people here at IPVM.
1. If you actively use Dahua and/or their OEM cloud solutions, you are at great risk of having your credentials compromised due to one serious vulnerability (for which I will do Full Disclosure on May 9, 2020 19:00 UTC).
*. ** *** ***'* *** ***** and/or ***** *** ***** *********, *** are ** **** ****, *** *** should ********** ******* ** ** ********* (it ** ******* *** ********* ** default), ** ****** *** ***** *** to *******, *** ******* ** **** devices - ********** **** *** **** set ** **** ********/****** ** ******* UPNP/DNS. (** **** *** ***% ************ from ********, ***** ** ******* ****)
* ** **** ******** ******* *** and **** ** *********** ***** ******.
/******
*** ***** ***** **** ***? **** your *********** * ** ******** *** yet?