Dahua New Critical Vulnerability 2019

By: John Honovich, Published on Sep 23, 2019

Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored 7.0 - 9.0), found by researchers from the University of Applied Sciences Offenburg who are setting up a startup, IoT Security Systems.

Inside this note, we examine the severity of these vulnerabilities, Dahua's response, and the impact on Dahua's dealers and OEMs.

These vulnerabilities are in addition to, and separate from, the Dahua wiretapping vulnerability disclosed last month.

[***************]

Vulnerabilities **********

***** *** ************* *** ***************:

*** **** ****** (***-****-****) **** "** ******** can ***** * ****** overflow ** ************ ********* packets". ** ********** *** *********** ******** to ******** ********* **** **** vulnerability "****** ** ******** to ******* ********* **** on *** ******". **** is *** ** ******** such * ******** (*.* out ** **.*) ***** since ******* *** **** over *** ******, ****** to ****** *** ***** and ******** ******** ** to *** ** ** attack ***** ******* *******.

***** *** ******** **** need ******* ****** ** the *******, ** ******** **** ******** ** 2017******, ***** *** * large ****** ** ***** devices ********* ** *** public ********.

Collection ** **********

************** **** ******** * collection ** *** ********** with *******.

Models ********

*****'* ******************** * **** ** known ******, ***** ** shows * ****, ** estimate ** ** ****** dozens ** ***** ******:

***** ****** *** ***** generation ***** ** ***-**** cameras. *******, *** ******** up ***** ****** **** is ********.

***** ********* ***** ********* about ***** ***** *** models '***** ** ** affected' *** ** ***** presume **** ***** **** all ** **** ** this ***** ***** *** researchers ******** **** ** Dahua * ****** ***, in ***.

Dahua ******** - ** *********, *** *******

***** ** ******* ****** a *********** ********* **, ****. We ***** ******* ***** this ***** ******** ****************, *** ********* *** 2017 ***** ********, ****** **** ********* with **, ******* ********* below:

** ******* *** ** Dahua ** *** ********* 18th, **** ****** ********* *** *** ** disclosure*** ***** ** ** today, ********* **** *** no ******. ***** ***** only **** *****'* *********** vulnerability:

**** ***** *** ******* are ******** ******* *******. As **** *** *******'* ****.

****

*********, ***** **** *** impacted ******* *** *********** originally ***** *************** ** OEMed ***** *******, **** them ********** ** ****:

*** *************** **** ********** identified ** * *****-******* device **** ***** *** the ******* *** *** yet ******** *** *** firmware **** *****

** ****** ***** ***** *** Honeywell ****** *** *********** vulnerability ******, ** ** *** clear **** ** ** the ******* ***** **** will ** **.

**** ** *** ******* example ** *** ******* of ****** **** ****, even **** ** **** the ******* ** ****** from *****.

Issues ******** *** *****

***** *** **** ******* marketing ***** ******** ** improve ***** *************, ********* an*********** ***** ***** '************* Baseline' **** * ******* video **** ******** ***** to * ****** ******* female:

** **** ******* **** video, *** ***** ******* dismissively **** **** ***** problems '**** * ***** ago'. **** *** ****** of ***************, ********* ***** high *** ******** ******, re-raises ***** *********** ******** about *****'* ************* ***************.

Comments (29)

**** ***** ** ******-********. I **** ** *****'* say **** ************, *** it ***** *** *** impression **** * *** part ** *****'* ***** security ******** ********** *** eating ******* ******* ***** focusing ** ***** ***.

**** *** **** ********* oils

*** *** ** ****** your *******!

* *** ****** *** this ********** **** *** perfect ****-****** *****...

”*** ****, * **** your *******.”

”***, ****, ** **** FIRMware ********, *** ***?”

”****, ****... *’* ***** to ** * **** dump, * **** *** to ***** ** *******.”

**** ***** *** ****, we **** *** **’* her ***********, *********.

***’* **** *** *** sake **** **’* ******* a ********!

****, **** * *** behind *** ******** ** this ***... :)

***** *** **** ****** circulating *** ** ***** a ****** ** ***** on ********** ***** ***************. I ******* **** **** of *** ******** ******* have **** ******** ** its **** * **** thing *** **'* ** update *** ******** *******.

*'* *** ******** ** for ***** **** ******* to *************, *** **** do (*********, *******) *** things **** *** ******.

** ** ** *****, the ****** ***** ** be ***** ********** **** the ********... ***-******, **********, P2P ********* *** *** accessible ***** ****** *** be ********** ****. ****** update ******** *** ****** the ******** ******** ** course!

****** *** * ********** bad *************, *** *** particularly **** ** ******** and * (** *****) half ****** ********** ********* this.

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********. Cisco *** ***** ********* like ** ****-***** ********* in ***** ********

*. ***** *****, ***** often

*. ****** *** ****** correctly

*. ****** ******* ********

********* *** ******* ****** 70 ***'* ** ******* update ** *** **** month *****. ***** *** not **** ** ***'* combined *** *****, *** and ****** ********.

********* ************* ***** ** CVE ***** ****** ** silly. *** ***** *** made * ******** ***** about******, *** ******* ***** 516:

** ** *****, *** bigger ***** **** **** comparisons ** **** ******* software ****** *** ****** are *** *****. ********* releases **** ****** ** magnitude **** ******** **** Dahua *** ** ***** far **** ******** **** Dahua.

** *** ********* ********** disagree ***** ******* ***** vulnerabilities ****** ** *** should ** *********** (*.*., integrator ** ************, ***.) but ***** ********** *** count *** '*******' ** judging ************* ** **********.

****,

*** '****** ** ***' for *** ********** ** sources ** ******* **** so * ********* *** of *** **** ****** posting... (***** **'* ***** me **** **** ** address **** *****)

** *** ** ***** - ****(***** ** *** ***** for ********* ***************)

*** **** ******* ** publicly ********** ****:*****://***.*****.***/****/*********/********.***

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** **** * years, **** *** *** results ** ************:

*********: **** = *, 2018 = *, **** = *

*****: **** = *, 2018 = *, **** = **

******: **** =**, **** = **, **** = 237

***** **** = **, 2018 = **, **** = ***

*********: **** = ***, 2018 = ***, **** = ***

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

** ********* ** ********* was ** *** ** in ******* *******. (** would ** *********** ** see ** ********* ***** security ****** ******** *** software ** **** ***** do * ****** ***!)

** ** *****. *** vulnerabilities *** ********* *** need ** ** *********. In *** ******** ********, we ***** * **** higher ******** ** ****** secure ******** - * did *** **** ** give *** ********** ** the ********!!!

********** ** ****** ** product, ***** ** ****** or ********** ** *** body ** ************, **, as *********** **********/*********/*********** **** place * ****** ***** on ********* ********* ** such * *** **** any ****** ************* ** mitigated ** *** *********** we ******* *** **.

* ***** ******* ** this *** *** ****** Underground ***** ******* **** outlets ******* **** *** populace ** *** ***** that *** ******* ********** can *** ********** ** the *** *******. **** cannot ** **** ** the **** ******* ******* were *** *** ********* and *** ** *** CCTV ******** *** ********** isolated **** **** ***** and ** *** ** anywhere **** ************** ******* providers (*** **** ******* owns *** **** *** railway ***** *** **, so ** **** **** connectivity ******* *** *****, they **** ** * fibre)

** ***** *****, **** IF ***** *** * vulnerability **** ******** *** CCTV ******'* *********, ** could *** *** **** gained ******* ****** *** could ** **** **** affected ** (******* ** use ** *** **** overly **** ****** ** mainstream ***** **********) '**** Doors'

**** * **** ** give *** ********...

*** *********** *** ***self ******* *** ********** ***** ********* will do their CVE's, no matter if the vulnerability has been found in-house or reported from externally.

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********. **** ***** explain **** *******.

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********

******, **** *****. *'* add **** **** * company ****** ****** *** cybersecurity *********** ** *** count, **** **** * massive ************ ** **** CVEs.

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** ******?

*** **** ***:

******: **** =**, **** = **, **** = 237

** ** ** **** own *********** ****** *** 237 ** *** **** 3 *****, *** *** you ******** *** *** 'very *******' ** *** "***** *** *** **** 70 ***'* ******** *** Dahua, *** *** ****** combined"??

*****, ** ** *****, ranking ** ********** ******* based ** *** ***** is ********** *** **** by **** *** *****, you *** *****. * just **** *** ** be **** ****** *** do ****** ****-********.

** ***** ** *********** to *** ** ********* wrote ******** ****** ******** and ******** ** **** could ** * ****** job!

** ***** ** *** should *** ******** ********* is ***** * '*****' or '******' *** **** Dahua ***** ** *** counts. ********* ******** **** or ***** *** ****** of **** ***** *** is ***** *** ** 100x, ***. *** ****** of ******** ** *****.

***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'* fairly ******* *** ****** across *********.

****** * ***** ****** from ******** ****... ** comments **** ***** ** 2019 ****. * ******** the **** ***** ***** to **** *******.

** ******** **** ***** on **** ****

**,**** ******** ******* ***:

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********.

*****, *** ** *** keep ******** ** *** counts? ** *** ****** think *** *** ************ and ************ ******* ***** to ********* ***** ** CVE ******? **** *** of *** ****** ***** the ********* ***** ****** different ** ***** ** development *** ******** **** any ***** ** ***?

*** *** * *** essentially ********* *** ****** of ****** ***** ** an ******** ******* ** a ***.

"***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'*fairly ******* *** ****** ****** *********"

*** **** ***** ****** to *** *** **** comparison?

* ***'* **** **** single ****** ***** ** fair / ********. ****** with *****, **** **** to *****.

***** *** *** ****** is **** ******?

*** **** ***** **** lost ******* ** *** problem

*** ***** **** ******* of *** "*******" ************* problem

********* **** ********** $*** *******.

*** ****** ****** ***** surveillance ****** *** ****** or **** **** $** billion.

**'* * *** **** to ******* * ******* whose ******* ** * to ** *** **** of ** ****** ********.

*** ***** ***** *******

****** *** **** ***** has **** **** ******* of **** "******" **

****** *** **** ***** has **** **** ******* of **** "******" **

** ***** ** ****** at ************* **** *********?

** *** '*** ***** about *******', ****** **** to ** ******** ** revenue ** ********** ******** impact *** *** **** or ****.

*** *** *** ******* an ******* ** *** much ***** **** **** because ** *****

************* *******!

*****'* ********* *** ***** example ** *** ******** to **** ***** * lot ** ****** **** cleary **** ** ***** -***** ********* **** ******

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

****** **** ********* ** primarily * ******** *******, and *** ****** *** primarily ******** *********.

*** ******* ** ********* software ** *******:********** **** multiple ********* *******, ******** browsers, ** ****** ************, to ***, ** ******, to ********* *****, ** remote ****** *** ** on...

***** ******** ** *****, embedded ********, *****, **, ?

*** **** **** ***** of **** **** ********* produce **** *+*+* ?

****** **** ** ** your ********

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

** ** *** **** dealer *** *****, **** is *** ***** **** I've ***** ** ***** vulnerabilities. ***** *** * history ** **** ************* and *'* ******* ***** of **. **** ******** with *** ****** ** ignore **** *************** **** attitude ** "**'* ** big ****" ** ***. Their ********* **** ********** lead ** ***** ********. Shame ** **** **** a ***** *******, *** just ***'* ****** *** the ******** ****.

*****, ** **** ***** Dahua * *** ***** and * **** **** are ********. ** ** possible **** ***** *** models *** *** ******** though ** ** **** to **** ***** *****'* various ******** *** ***** naming ***********. ****** ***, Dahua *** ****** ******* inform ***** ********. ** we *** *** ********, we **** ****** ****.

**** *** ** *** of *** ******, ***’* a ***** *! *** needs * **** *********** partner:

****** **** ******* ** in *****, ** ** is ********** * ******, and *** **** ***** to **** *** ********* on * ****...

*** ***, ******* *** outward *******, ** ***** quite ********** :)

*********** *****, *******,

[*] *****'* **** ** my "***-*********-*, *****: ****-**-** 09:30:50, *******: *.***.*******.**.*" ** it *** ****** *** not *****.

[*] ***** *** ** be ******* ** ***** device ******.

* **** *** **** [4] & [*] ** bit ***********, ** **** reporting ****** ********... (**, they **** ** ***, but * ***** ***** is ******* ********** */ obfuscated ******* *** **** about **)

********, * ******* ***** that *** ***** *****/********* should ** ********!

[*], [*] *** [*] is ****** ****, ******* new.

[*] ** ********, ** I ****'* ***** **** on **, *** ***** interesting.

***** **** *** '*****-**' has **** '******-****', ** *** * miss *********?

****** **** *** ****** Nussko ***'* *** ******** about *** ******** ******* on ***** ******** ********. Dennis ******** *****'* **** a ******** *******.

*** ****** ************ **** expire **** *********.

*** **** ***** * 404 **** ***** ****, but ***** ***-*** ** response ** ****** ***** to ***** *** ***********. If **** ****** ***** hosting *******, *'* *** sure *** *** ****** would ******* **** ***, unless *** ******* ******* is ****** ** ******** things ** *** ********** in **** *** ******* is ********.

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

*** *** ***** ;) - ** *** *** wrong **** ** ***** our *** ********.

* ******* *** ******* at *** ***** ** clarify. *** ***** ** that ****** **** *** not ******, ***. ** or **** **** *******, I'll ****** ***********.
