Just found this from BleepingComputer.com also linked to by Slashdot. These are very large tech sites getting familiar with the name "Dahua", be prepared.
The Latest Dahua Debacle
Not sure this is really a new debacle as it is the same problem, just discovered more easily. I suspect those running the old firmware at this point just don't care.
Not much to say on this. The author is just reiterating the point that CVE-2013-6117 is still a critical issue that has yet to be resolved. If your device is on sites like ZoomEye/Shodan with default credentials (or even complex passwords with old firmware) and has yet to be owned you should go buy some lotto tickets.
I do realize that they are reiterating older problems, but what I find interesting is that the Dahua name is now being recognized more and more as problem devices on some of the more "techy-oriented" websites. This could lead to more notice by people who you really don't want to draw the interest of.
Most CCTV manufacturers are classified as known security risks on enterprise level networks. The fact that HikVision/Dahua get classified as a level 10 risk while Axis/Bosch get classified as a level 9 risk is of little consequence from what I have seen. Most of the IT People I know tend to Buy American because that is what the CIO has instructed they have to purchase.
The network administrators I know see CCTV as a necessary evil on their network and tolerate exactly as much as they have to. They see CCTV as little more than IoT Pieces of S*** which have the purpose of adding physical security and most of them would remove all CCTV from their network in a heartbeat if they could get away with it.
Hey, did you see the latest bug report on PC DOS 6.1?