
Dahua New Critical Vulnerabilities 2021

Gurami Jamaspishvili and Ethan Ace
Published Sep 07, 2021 15:51 PM

Dahua has admitted two new major vulnerabilities, discovered by cybersecurity researcher Bashis, the latest in numerous cybersecurity vulnerabilities for the NDAA-banned manufacturer over the past 4 years. Watch the video overview:

Risk "**** ****"

******, *** ************* ********** *** ********** these *** *************** ****** **** **** "very **** ********* *** ******* **** hack, *** ** **** ****** – i.e. ** ***** *********** *** ****** to ** ***** ** *** ******."

********* ** *****: "********* *** ****** device ******** ************** ** ************ ********* data *******."

******* ** *** ****, ****** ** delaying ******* ** *** **** ********** until **** *****:

*** ** *** **** **** ********* of ******* "***** **** ****", * will **** **** ********** ******* ***** October *, ****.

CVEs *** ******

***** ***** *** ******** *** *** numbers *** ***** *************** (***-****-***********-****-*****), **** *** *** ****** ***, as *** ********** ***** *****:

IPVM Image

Two *************** - ********* **** ******

***** ******** *** ******** *************** ** their******** ********, ********* ********* ****** ** ********.

  • ***-****-*****: ******** **** ***** **** ****** June ****
  • ***-****-*****: ** ****** ******** **** ***** time ****** *** **** *** ********/******** firmware ***** ** ******** ****.

*******, ** ******** ********* ******* ** these *************** **** **** ********. ** will ****** **** ****** *** **** Bashis' ***** ** ******* **** ** is ******** ** *******.

Models ********

***** ********* * **** ** ******** ********** **** ***.

  • *** ***** **** (***-****-*****) ****** **** of ***** *****, ***, *** ******* cameras, ** **** ** *********.
  • *** ****** **** (***-****-*****) ****** *** same **** ** ** ****** ****** and *********, *** **** ******** **** of *****'* **** *** ****.

****: ***** ******** ***** ****** ******* **** ***** *** ** **** numbering ******, ** **** ****** **** *****'* international **** *******.

UPDATE: ********** ****** ***** ******** (**/**/**)

***** *** ******* *** ******** ******** Advisory (******* **/**) *** ***** ******* additional ****** ****** ** *** **** of ******** ******, ***** ****:

IPVM Image

***** ** ***** *****, ** ******** the *************** *** ****** **-*** ***** models, ** *** ******** ****. ** is ********* ** *****-********* **** ** them ** **** *** **** **** in ***** *** ***** ** ** clear ****** ******* *******, *** **** have **** ************. **************** ******* **** ***** **** ** HX2XXX ****** *****, ** **** ** ******* ******. The ***** ***** ********* ******* ***** models, ********* **** *** **** ****** (HX1XXX) ** ****** *** (******) ********* cameras **** **** ******* ********* **** the *, *, ** * *****.

Updated ******** *********

******* ******** ** ******* ***** *************** can ** ***** *******'* ************ ***** **** ** *** **.

**** **** ***** **** ***** ******* include ** "****** *******" ***** ****** for *** ********, ** **** ***** that **** ******* ***** *****, *.*., an *** ******* **** ******** ***** "latest *******" **** ***** *** ****** upgrade, ******* **** ******** ***** *********.

IPVM Image

Dispute ***** ******** ******

***** ***** (***-****-*****; ***-****-*****) ******** ***** vulnerabilities *.* *** *.* ******, ****** assigned **** * *.* (********). ***** refused ** ******* ** **** ** this.

*** ********** ******* ******' *** *****'* scoring ** *** ** "*****", ***** describes ******* ** ********* ************* *** affect ********* ***** **** ******. *** Bashis, ***** **** ******* ****** **** admin ************, ** ***** ** **** to ****** ***** *******.

** *** ********* *****, ** *********** the ******** ** ***** **** *.* to *.* **** ******** *****:

********, ***** ***** ********* *** ************* as * "**** ***" ***** ****** raised ******** **** **** ********* **************:

IPVM Image

Dahua **********

***** *** ******* ********** **** ** press ******* *** ****** ** *** home ****. ** ************ ** ****** within *** ****. ***** **** ** sent ** ***** ** *******, ***** it ****** **** ** *********** **** this ** * ********* *** '*** IoT ********* ****** *************':

IPVM Image

Dahua **** "*** ********* *** *********** *****"

***** ******* ** ******* ** *** details, ******* **** **** **** "*** necessary *** *********** *****":

***** ***** **** ***** ** **** potential *************, ***** *** ***** *** necessary *** *********** ***** ** ******* the *****. ***** ** *** ******** advisory **** ** ******** ** *** North ******* ******* ** ****** ****.

Ignored ****** ******* *******

**** ** ****, ***** ******* *** researchers' ****** ** ***** ***************:

IPVM Image

***:

IPVM Image

**** ** ******** ***** * ****, IPVM ******** ****** ** ******* ********* a ******** **** *****:

IPVM Image

Many ********** *************** *** *****

**** ***** ******** ************* *** ** Dahua’s ******* *** ************* ***** ******.

* **** ***,* ***** ******** ***** ********************* **** “********* *** ******* *** action **** *** ******** **** ** authorized ** **” ** ******* ********* to *****’* ***** *******, ********* ***** and ** ** *** *** ********, including ********* *** *******.

** ********* ****,* ***** ******** *************** **** ********, **** *** ** **** ******* attackers ** **** **** ******* ** the *******.

**** * ***** ****** ****, *********** uncovered ****** *********** ********************* ************ ****** ** *** ***** stream ** ****** ** *******.

*** ** ****,* ******** *** ********* ** ***** devices, ********* ** **** ***** ** Dahua ********.

***, ***** ** ****, ***** ***** face * ******* ******.

***** ********* ********* ************* ********, *********** its“************* ********,”*** **** ***** ******* ******** ********“*** * ***** ***”*** **** ***** “*** *-**** *******...******** [Dahua] ** ******** ******.”

*****'* ******* ***** *************** **** *** risk **** *** ****** *****.

Comments (49)
Aitor Fernandez
Sep 07, 2021

** ******** ** ***** *** ***** ago ******* ** **** ***** * "bug" ** *****'* *********, **** ** to **** *** *** *** **** exploited (***), **** * **** ** update ********* ** *** ***** ******* to *** ****** ********.

******** ** *** **** * *** of ********* *********** **** *****'* *** site ******** *******, *** **** **** recently **** **** **** ******* ********. I ***** **** *** *** ******.

(1)
(3)
bashis mcw
Sep 07, 2021

*******, ***** **** ** ****, ***** publishing **** * **** ****. (***** missing ******* *** **** ** ** devices)

(1)
Andrew Myers
Sep 07, 2021

* ****** ** **** ** **********'* ******* ** *** ************* ************ *****... ** ** *****'* **** on *** ***...

(1)
bashis mcw
Sep 07, 2021

****, ***** ** ****** ********* ** the *** **** ** ***** ** Dahua...

(1)
(6)
Undisclosed #1
Sep 07, 2021
IPVMU Certified

****** ********?

IPVM Image

(1)
bashis mcw
Sep 07, 2021

*** **** ** ******? ,)

(1)
Undisclosed Integrator #2
Sep 07, 2021

* ***'* *** *** ******* ** it ** **** * **** ***...

IPVM Image

(1)
Undisclosed #1
Sep 07, 2021
IPVMU Certified

*** ******** ************** ****** ************* ***** in **** ***** ******** ****** *** login *******…

***** ***** ** **** **** ** their *********** ******** ********** *** *** them ** *** ********* **** :)

(4)
bashis mcw
Sep 07, 2021

*****, *** **** *** *** **** same **** ,)

(2)
(3)
John Honovich
Sep 07, 2021
IPVM

*** ***** ******* *** *** ***** security ********,***** ***** ******** ********, *** *** ****** ***** ******* shows **** ** *** ****** **** Dahua **** *** ******, *** ******* lacks ******* ********** ** ******* *** problems. *** *** ****** ****** ** Dahua **** **** **** *** ** long ** *** ***** ***** *******, they **** **** *******. ****** ** mind.

(3)
Undisclosed Distributor #3
Sep 07, 2021

*** ***** ****, ** ****** ******* back *****?

Undisclosed Integrator #5
Sep 08, 2021

**** *** *** ****. ****** *** thinks ***** ********* **** *** ******** into *** ******** ***** ** ******* and ***** ***** ********** ** *******. The ********* *** ********* **** *** firmware **** *** ***** *** ************ they ***'* ** *****. ***** ** sheep *** **** ********** ******** **** oems ****** ***** ******** **** *** are ** ****** ******** ** *** practice.

Undisclosed #1
Sep 08, 2021
IPVMU Certified

**** *** *** ****.

******* ****’** ******** ****** **** *********** who *** ************* ******* ********* **** to **** **** ****** ****** ****** for *****?

* ***’* ***** **.

@****** -

*) **** ** *** ***** - sloppy ** ******.

***

*) ***’* *** ***** **** ******* could ***** * ********* ************ ******** if **** ****** ** - ******** the ****** **** ** ******?

Andrew Myers
Sep 08, 2021

********* ************ ********

**** * ***** **** *****?

* ********: *) *** * ******** attack, * ***** ** ***** ******** to **** ******** ***** ** ****** used *******, **** ** **'* ********* undetectable. ******** ********* ***** ***** ****** and ***** **** *********. *) ** somebody **** ******, **** **** ***** it **** ** *** ****** ******. The **** **** ***** **** *** simple ***** *** "**** *** *** land" ** ***** ** ***** **. Or **** ******, *** ******** ****'* stolen *****.

** ******** ******* ** ****** ******* Hanlon's *****. ***** *** * *** of ****, ******, *********** ********** ** the *****, ****** ** **** ***** code ****** *** ********.

** * ****** *********, ****** *** a ****** ** ***** **** ********** immediately ** ****** ** *********.

(1)
bashis mcw
Sep 08, 2021

*** **** ********* *** ***** ******** in ******** * *** *

(1)
bashis mcw
Sep 08, 2021

******, ******, ** * ***** **** anything ** ******* *********, * ***** defiantly ******* **** ******** ** **, without *** ***** ****** *************. *** FYI, **** ******* ** *** *******, not **** *****. (********** ****** ** Hik)

bashis mcw
Sep 08, 2021

*) ****

*) *******, **** *** *** **, overall **'* ****** ** ***** **** as ** ****

Undisclosed Integrator #4
Sep 07, 2021

** ****** ****** ******* ******* ********* to *** ****** ********? ** *****’* world *** *****’* ****** ******* ***? Would *** *** * ******* ******** wide **** ** *** ******** **** with *** ***** ** ******** **?

(2)
John Honovich
Sep 07, 2021
IPVM

** *************** *** *** ** *****? What ***** ********** **** ** *****'* cloud? ***** *** ***** *****'* *****?

Undisclosed Integrator #5
Sep 08, 2021

**.

(1)
Undisclosed Integrator #4
Sep 08, 2021

** * ******’*. ** ***** ******* are *** ********* ** *** *** what ** *** ***** **** *** happen? ***** *** *** ***** ***** vulnerabilities ** **** *** ****** ******* attacks ****** ** *****.

John Honovich
Sep 08, 2021
IPVM

** *** **** * *****, **** than **** ** *** ***** ************ systems **** ** ***** *********, *****/********? I ********** **** ****** *** ******* with *** ****** / ****** *** response *** **'* ************ *********** ** a ***** ***** ***** *** ************* expect ** ** **** ** ****** their ******* ******** **?

(3)
bashis mcw
Sep 08, 2021

* **** ******* **** **** ****** of **** ******/********...

Undisclosed Integrator #5
Sep 08, 2021

** ****** **** **

bashis mcw
Sep 08, 2021

*** ** *** ***** *** ***** work? **'* *** ***** ********, *** nowadays **'* *** ***** *** ***** (AKA ****), *** **** *** ***** back **** ****. ****'* *** "*******"...

Igor Averchenko
Sep 08, 2021

"******* ****** *** ***** *****-********"

**** **** ******* (** ********) *** examined *****.

John Honovich
Sep 08, 2021
IPVM

***** *** ********* ***** ********, ****** *********** ******* ** ** they '*******' ****** ****** **** ** being **** *****'* *** ****** *****:

IPVM Image

(2)
(1)
bashis mcw
Sep 08, 2021

** ****** ***** *** ******* *** also ********, * ***** ** ********* surprised ** *** ** **** ******'* be **.

(1)
John Honovich
Sep 10, 2021
IPVM

***** ******* *** ** ** **** the ********* ******** ** *** ******** upgrade *****, ****** **** **'* *** fault *** ****** *** ********:

**** **** ******** *******, *** ********** installation ** **** ******* ******* *******, in ****, ** ********* ****** ********* previous ******** **** ** **** ********. We ** *** **** ** **** has **** ************ ******** **** ***** firmware ********, *** ******** ** *** not, ***** ***** ******* **** *******. Thus *** ** ****** ***** ******** has ******* *** ** ** **** any ******** ***** **** ******* *******. Any ******** **** **** ********** **** issues ** ********** ** ***** *** to ** ** ** *** ******* technical *******.

*** *******, **** ** **** ** reported:

** **** ***** **** **** ******* often *****, *.*., ** *** ******* 2018 ******** ***** "****** *******" **** using *** ****** *******, ******* **** firmware ***** *********.

IPVM Image

*'** ***** ***** ** ******* *** their ******** ******** ******* ****** **** that *** **** ******** ** *** of ****.

Shay Fogel
Sep 23, 2021

** ********** ****** *****'* ********, *** never ******* ** ****** ******* ****** update (**'* *** ****** *******' ***** time), ***** ** ****** *** * newer ******* ********* *** ****** ******.

Undisclosed Manufacturer #6
Sep 23, 2021

*** ************ **** ******** **** ******** updates ** **** ************ ** ******. If *** *** ****** * **** you ****** ** **** ** ******** the ****** ******* *** ** ****. Having ** **** **'* ********** *** then ***** **** *** ************ ******** and ******* ******* **** **** ** works ** ***********. **** **** ************* who **** *** ******* *** ** their ***** ******. **** ** **** on ** * **** ************ *** can ******* ***** ********.

* ******** ******* **** ****** ** able ** ** **** **** *** if ** ****** ** ******, ******** the ****** *** ******* *** ******, reporting *** ******. ** ***, ** is *** * ************ ******* ** manage ************ *********.

(1)
John Honovich
Sep 23, 2021
IPVM
Shay Fogel
Sep 23, 2021

*** **** **** ** ******* ** devices ********* ** *** *** ******* Dahua's *** ***** ******* (******* ***** port **********)?

bashis mcw
Sep 23, 2021

** ******, *** - *** *********** I ***** *** ****** ********.

***** *** ***** ** ********* * UDP ****** (********** ***********), ***** * protocol ****** ***** (**** ****** ***/*****) is **** *** **** ******* ******* the *** *** *** ******, *** these *************** ****** ** **** **** the ***** ********.

*******, ** *** *** *** ****/***** or **** ******** ****** **** *** tunnel, **** ***, ***** *************** *** be ****.

* *** *** ***** ** *** another ******** **** ***** ** *** UDP ******, *** ********** ** *** device ** ****** ****** ** ******* to ***** **** ***/***** ** ***.*.*.*, and **** **** *** ** ********** to ****/***** ** ****.

**** **** **** ******* *** * cannot *** ***** ** ** **** question.

(1)
Shay Fogel
Sep 23, 2021

** **** ****, ***** ***** ******** advertise ***** *** ******* ** * free "********" ******* ******* ******** ***** of ***** *************** 😉

(1)
bashis mcw
Sep 24, 2021

****, ***** ***** *** **** *****, they **** ******** ******** ** (******) 3DES ************* ** ***** ** *** possible ** ****** (*** ******** ***) 3DES *********** ** ***** ****. ******** still **, ** *** ******** '************* mode'.

**** ***********, ** *******

(1)
bashis mcw
Sep 23, 2021

* **** ***** **** * ** bit ******* ** *** ***** ***** pushing *** *** ********...

*********

(1)
(1)
John Honovich
Sep 23, 2021
IPVM

*** ***** ** **** ******? **** is **** *** ******** ***?

bashis mcw
Sep 24, 2021

**** ******

John Honovich
Sep 24, 2021
IPVM

** *** **** ********* ** ****, how *** ***** ***** ******** ** be **** **** ****** *** ** are *** ********?

bashis mcw
Sep 24, 2021

**** ********, * **** ***** *** years *** ******* **** *** ** new *** ******* ********, **...

John Honovich
Sep 24, 2021
IPVM

>> ****** ******** ***** <<

**** ** * ******* *****, *** being **** ** **** ***** ******* are ********.

(1)
bashis mcw
Sep 24, 2021

* ******** ******* **** *** ** Dahua ***** **** * ***** *** find ******* ******** *** **** ** my ******* ** ***** *********, ***** they ***** **** ******* * **** so **** ***** **** *** **** for **, ***** * ******* ** inform ***** *** ***** **** * expect ** ** **** ******* ******** for ** ******* ** ***** ******* website.

**** ******** ***** ****...

(2)
bashis mcw
Oct 06, 2021

[*******]

***********

*******

**** * **** ***

/******

(2)
Michael Miller
Oct 07, 2021

********* ***** **** ********** ** *************** remote ******

****'* **** ***** *** ****** **** in ****

IPVM Image

(1)
(1)
Ethan Ace
Oct 07, 2021

******, ****'* ************* ******** *** ***** both ***** *************** ** *.* (********), the **** ***** ***********'* ****** *************.

**** ** **** ****** **** *** 8.1 *** *.* ****** ***** ****-********.

(2)
(2)
bashis mcw
Dec 13, 2021

**** ***** *** ********** (*******), *******

****, *** ****** ** *** *************

(2)
Ethan Ace
Dec 15, 2021

****** *** ****! *** ******** ******** (updated **/**) ***** ******* ********** ****** series ** *** **** ** ******** models, ***** ****:

IPVM Image

***** ** ***** *****, ** ******** the *************** *** ****** **-*** ***** models, ** *** ******** ****. **'* difficult ** *****-********* **** ** **** because **** *** **** **** ** China *** ***** ** ** ***** single ******* *******, *** **** **** been ************. **************** ******* **** ***** **** ** HX2XXX ****** *****, ** **** ** ******* ******. The ***** ***** ********* ******* ***** models, **** **** ** ***, ********* very *** **** ****** (******) ** higher *** (******) ********* ******* **** more ******* ********* **** *** *, 3, ** * *****.

bashis mcw
Jan 13, 2022

***,

***** '*******' ******** ******** **/**/**** **** old *** *********** ***-****-***** (***********) ******* from **/**/**** (****)

********* **********

* ****** *** **** ****** ** like ****...