Dahua has acknowledged a series of cloud vulnerabilities that researcher Bashis discovered. Additionally, and separately, researcher Thomas Vogt found a separate vulnerability.
Dahua has had numerous vulnerabilities over the past few years including the 2019 critical vulnerabilities that Vogt's team found and the 2017 backdoor that Bashis found. The company is moreover banned for US federal use (NDAA) based on cybersecurity risks.
Inside this report:
- A summary of the vulnerabilities
- The vulnerabilities explained
- A statement from Dahua
- OEMs Impacted
- Response from bashis
- Analysis from Refirm Labs
- Continued cybersecurity issues
- IPVM recommendations