Dahua New Critical Vulnerability 2019

By: John Honovich, Published on Sep 23, 2019

Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored 7.0 - 9.0), found by researchers from the University of Applied Sciences Offenburg who are setting up a startup, IoT Security Systems.

image

Inside this note, we examine the severity of these vulnerabilities, Dahua's response and impact on dealers and OEMs of Dahua.

These vulnerabilities are in addition and separate from the Dahua wiretapping vulnerability disclosed last month.

***** *** ******* ******** 5 *** *************** ********* 1 ******** ************* **** a *.* / **.* CVSS ***** *** * high *************** (****** *.* - *.*), ***** ** researchers **** ************* ** ******* ******** Offenburg*** *** ******* ** a*******, *** ******** *******.

image

****** **** ****, ** examine *** ******** ** these ***************, *****'* ******** and ****** ** ******* and **** ** *****.

***** *************** *** ** addition *** ******** ******* ***** *********** ********************** **** *****.

[***************]

Vulnerabilities **********

***** *** ************* *** ***************:

*** **** ****** (***-****-****) **** "** ******** can ***** * ****** overflow ** ************ ********* packets". ** ********** *** *********** ******** to ******** ********* **** **** vulnerability "****** ** ******** to ******* ********* **** on *** ******". **** is *** ** ******** such * ******** (*.* out ** **.*) ***** since ******* *** **** over *** ******, ****** to ****** *** ***** and ******** ******** ** to *** ** ** attack ***** ******* *******.

***** *** ******** **** need ******* ****** ** the *******, ** ******** **** ******** ** 2017******, ***** *** * large ****** ** ***** devices ********* ** *** public ********.

Collection ** **********

************** **** ******** * collection ** *** ********** with *******.

Models ********

*****'* ******************** * **** ** known ******, ***** ** shows * ****, ** estimate ** ** ****** dozens ** ***** ******:

***** ****** *** ***** generation ***** ** ***-**** cameras. *******, *** ******** up ***** ****** **** is ********.

***** ********* ***** ********* about ***** ***** *** models '***** ** ** affected' *** ** ***** presume **** ***** **** all ** **** ** this ***** ***** *** researchers ******** **** ** Dahua * ****** ***, in ***.

Dahua ******** - ** *********, *** *******

***** ** ******* ****** a *********** ********* **, ****. We ***** ******* ***** this ***** ******** ****************, *** ********* *** 2017 ***** ********, ****** **** ********* with **, ******* ********* below:

** ******* *** ** Dahua ** *** ********* 18th, **** ****** ********* *** *** ** disclosure*** ***** ** ** today, ********* **** *** no ******. ***** ***** only **** *****'* *********** vulnerability:

**** ***** *** ******* are ******** ******* *******. As **** *** *******'* ****.

****

*********, ***** **** *** impacted ******* *** *********** originally ***** *************** ** OEMed ***** *******, **** them ********** ** ****:

*** *************** **** ********** identified ** * *****-******* device **** ***** *** the ******* *** *** yet ******** *** *** firmware **** *****

** ****** ***** ***** *** Honeywell ****** *** *********** vulnerability ******, ** ** *** clear **** ** ** the ******* ***** **** will ** **.

**** ** *** ******* example ** *** ******* of ****** **** ****, even **** ** **** the ******* ** ****** from *****.

Issues ******** *** *****

***** *** **** ******* marketing ***** ******** ** improve ***** *************, ********* an*********** ***** ***** '************* Baseline' **** * ******* video **** ******** ***** to * ****** ******* female:

** **** ******* **** video, *** ***** ******* dismissively **** **** ***** problems '**** * ***** ago'. **** *** ****** of ***************, ********* ***** high *** ******** ******, re-raises ***** *********** ******** about *****'* ************* ***************.

Comments (29)

**** ***** ** ******-********. I **** ** *****'* say **** ************, *** it ***** *** *** impression **** * *** part ** *****'* ***** security ******** ********** *** eating ******* ******* ***** focusing ** ***** ***.

**** *** **** ********* oils

*** *** ** ****** your *******!

* *** ****** *** this ********** **** *** perfect ****-****** *****...

”*** ****, * **** your *******.”

”***, ****, ** **** FIRMware ********, *** ***?”

”****, ****... *’* ***** to ** * **** dump, * **** *** to ***** ** *******.”

**** ***** *** ****, we **** *** **’* her ***********, *********.

***’* **** *** *** sake **** **’* ******* a ********!

****, **** * *** behind *** ******** ** this ***... :)

***** *** **** ****** circulating *** ** ***** a ****** ** ***** on ********** ***** ***************. I ******* **** **** of *** ******** ******* have **** ******** ** its **** * **** thing *** **'* ** update *** ******** *******.

*'* *** ******** ** for ***** **** ******* to *************, *** **** do (*********, *******) *** things **** *** ******.

** ** ** *****, the ****** ***** ** be ***** ********** **** the ********... ***-******, **********, P2P ********* *** *** accessible ***** ****** *** be ********** ****. ****** update ******** *** ****** the ******** ******** ** course!

****** *** * ********** bad *************, *** *** particularly **** ** ******** and * (** *****) half ****** ********** ********* this.

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********. Cisco *** ***** ********* like ** ****-***** ********* in ***** ********

*. ***** *****, ***** often

*. ****** *** ****** correctly

*. ****** ******* ********

********* *** ******* ****** 70 ***'* ** ******* update ** *** **** month *****. ***** *** not **** ** ***'* combined *** *****, *** and ****** ********.

********* ************* ***** ** CVE ***** ****** ** silly. *** ***** *** made * ******** ***** about******, *** ******* ***** 516:

** ** *****, *** bigger ***** **** **** comparisons ** **** ******* software ****** *** ****** are *** *****. ********* releases **** ****** ** magnitude **** ******** **** Dahua *** ** ***** far **** ******** **** Dahua.

** *** ********* ********** disagree ***** ******* ***** vulnerabilities ****** ** *** should ** *********** (*.*., integrator ** ************, ***.) but ***** ********** *** count *** '*******' ** judging ************* ** **********.

****,

*** '****** ** ***' for *** ********** ** sources ** ******* **** so * ********* *** of *** **** ****** posting... (***** **'* ***** me **** **** ** address **** *****)

** *** ** ***** - ****(***** ** *** ***** for ********* ***************)

*** **** ******* ** publicly ********** ****:*****://***.*****.***/****/*********/********.***

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** **** * years, **** *** *** results ** ************:

*********: **** = *, 2018 = *, **** = *

*****: **** = *, 2018 = *, **** = **

******: **** =**, **** = **, **** = 237

***** **** = **, 2018 = **, **** = ***

*********: **** = ***, 2018 = ***, **** = ***

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

** ********* ** ********* was ** *** ** in ******* *******. (** would ** *********** ** see ** ********* ***** security ****** ******** *** software ** **** ***** do * ****** ***!)

** ** *****. *** vulnerabilities *** ********* *** need ** ** *********. In *** ******** ********, we ***** * **** higher ******** ** ****** secure ******** - * did *** **** ** give *** ********** ** the ********!!!

********** ** ****** ** product, ***** ** ****** or ********** ** *** body ** ************, **, as *********** **********/*********/*********** **** place * ****** ***** on ********* ********* ** such * *** **** any ****** ************* ** mitigated ** *** *********** we ******* *** **.

* ***** ******* ** this *** *** ****** Underground ***** ******* **** outlets ******* **** *** populace ** *** ***** that *** ******* ********** can *** ********** ** the *** *******. **** cannot ** **** ** the **** ******* ******* were *** *** ********* and *** ** *** CCTV ******** *** ********** isolated **** **** ***** and ** *** ** anywhere **** ************** ******* providers (*** **** ******* owns *** **** *** railway ***** *** **, so ** **** **** connectivity ******* *** *****, they **** ** * fibre)

** ***** *****, **** IF ***** *** * vulnerability **** ******** *** CCTV ******'* *********, ** could *** *** **** gained ******* ****** *** could ** **** **** affected ** (******* ** use ** *** **** overly **** ****** ** mainstream ***** **********) '**** Doors'

**** * **** ** give *** ********...

*** *********** *** ***self ******* *** ********** ***** ********* will do their CVE's, no matter if the vulnerability has been found in-house or reported from externally.

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********. **** ***** explain **** *******.

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********

******, **** *****. *'* add **** **** * company ****** ****** *** cybersecurity *********** ** *** count, **** **** * massive ************ ** **** CVEs.

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** ******?

*** **** ***:

******: **** =**, **** = **, **** = 237

** ** ** **** own *********** ****** *** 237 ** *** **** 3 *****, *** *** you ******** *** *** 'very *******' ** *** "***** *** *** **** 70 ***'* ******** *** Dahua, *** *** ****** combined"??

*****, ** ** *****, ranking ** ********** ******* based ** *** ***** is ********** *** **** by **** *** *****, you *** *****. * just **** *** ** be **** ****** *** do ****** ****-********.

** ***** ** *********** to *** ** ********* wrote ******** ****** ******** and ******** ** **** could ** * ****** job!

** ***** ** *** should *** ******** ********* is ***** * '*****' or '******' *** **** Dahua ***** ** *** counts. ********* ******** **** or ***** *** ****** of **** ***** *** is ***** *** ** 100x, ***. *** ****** of ******** ** *****.

***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'* fairly ******* *** ****** across *********.

****** * ***** ****** from ******** ****... ** comments **** ***** ** 2019 ****. * ******** the **** ***** ***** to **** *******.

** ******** **** ***** on **** ****

**,**** ******** ******* ***:

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********.

*****, *** ** *** keep ******** ** *** counts? ** *** ****** think *** *** ************ and ************ ******* ***** to ********* ***** ** CVE ******? **** *** of *** ****** ***** the ********* ***** ****** different ** ***** ** development *** ******** **** any ***** ** ***?

*** *** * *** essentially ********* *** ****** of ****** ***** ** an ******** ******* ** a ***.

"***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'*fairly ******* *** ****** ****** *********"

*** **** ***** ****** to *** *** **** comparison?

* ***'* **** **** single ****** ***** ** fair / ********. ****** with *****, **** **** to *****.

***** *** *** ****** is **** ******?

*** **** ***** **** lost ******* ** *** problem

*** ***** **** ******* of *** "*******" ************* problem

********* **** ********** $*** *******.

*** ****** ****** ***** surveillance ****** *** ****** or **** **** $** billion.

**'* * *** **** to ******* * ******* whose ******* ** * to ** *** **** of ** ****** ********.

*** ***** ***** *******

****** *** **** ***** has **** **** ******* of **** "******" **

****** *** **** ***** has **** **** ******* of **** "******" **

** ***** ** ****** at ************* **** *********?

** *** '*** ***** about *******', ****** **** to ** ******** ** revenue ** ********** ******** impact *** *** **** or ****.

*** *** *** ******* an ******* ** *** much ***** **** **** because ** *****

************* *******!

*****'* ********* *** ***** example ** *** ******** to **** ***** * lot ** ****** **** cleary **** ** ***** -***** ********* **** ******

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

****** **** ********* ** primarily * ******** *******, and *** ****** *** primarily ******** *********.

*** ******* ** ********* software ** *******:********** **** multiple ********* *******, ******** browsers, ** ****** ************, to ***, ** ******, to ********* *****, ** remote ****** *** ** on...

***** ******** ** *****, embedded ********, *****, **, ?

*** **** **** ***** of **** **** ********* produce **** *+*+* ?

****** **** ** ** your ********

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

** ** *** **** dealer *** *****, **** is *** ***** **** I've ***** ** ***** vulnerabilities. ***** *** * history ** **** ************* and *'* ******* ***** of **. **** ******** with *** ****** ** ignore **** *************** **** attitude ** "**'* ** big ****" ** ***. Their ********* **** ********** lead ** ***** ********. Shame ** **** **** a ***** *******, *** just ***'* ****** *** the ******** ****.

*****, ** **** ***** Dahua * *** ***** and * **** **** are ********. ** ** possible **** ***** *** models *** *** ******** though ** ** **** to **** ***** *****'* various ******** *** ***** naming ***********. ****** ***, Dahua *** ****** ******* inform ***** ********. ** we *** *** ********, we **** ****** ****.

**** *** ** *** of *** ******, ***’* a ***** *! *** needs * **** *********** partner:

****** **** ******* ** in *****, ** ** is ********** * ******, and *** **** ***** to **** *** ********* on * ****...

*** ***, ******* *** outward *******, ** ***** quite ********** :)

*********** *****, *******,

[*] *****'* **** ** my "***-*********-*, *****: ****-**-** 09:30:50, *******: *.***.*******.**.*" ** it *** ****** *** not *****.

[*] ***** *** ** be ******* ** ***** device ******.

* **** *** **** [4] & [*] ** bit ***********, ** **** reporting ****** ********... (**, they **** ** ***, but * ***** ***** is ******* ********** */ obfuscated ******* *** **** about **)

********, * ******* ***** that *** ***** *****/********* should ** ********!

[*], [*] *** [*] is ****** ****, ******* new.

[*] ** ********, ** I ****'* ***** **** on **, *** ***** interesting.

***** **** *** '*****-**' has **** '******-****', ** *** * miss *********?

****** **** *** ****** Nussko ***'* *** ******** about *** ******** ******* on ***** ******** ********. Dennis ******** *****'* **** a ******** *******.

*** ****** ************ **** expire **** *********.

*** **** ***** * 404 **** ***** ****, but ***** ***-*** ** response ** ****** ***** to ***** *** ***********. If **** ****** ***** hosting *******, *'* *** sure *** *** ****** would ******* **** ***, unless *** ******* ******* is ****** ** ******** things ** *** ********** in **** *** ******* is ********.

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

*** *** ***** ;) - ** *** *** wrong **** ** ***** our *** ********.

* ******* *** ******* at *** ***** ** clarify. *** ***** ** that ****** **** *** not ******, ***. ** or **** **** *******, I'll ****** ***********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems, according to the PRC's main cyber threat monitoring body. The hackers...
China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed access to the recorders. While it was first attributed to Huawei...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Dahua OEM Directory on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Hikvision OEM Directory on Aug 13, 2019
The Chinese government-owned and US-government banned Hikvision has become the world's largest video surveillance manufacturer and generally hidden...
Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity on Aug 06, 2019
For years, Honeywell has depended on Dahua, a company with a poor cybersecurity track record and now banned by the US NDAA, for the development and...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...

Most Recent Industry Reports

USA's Feevr Thermal Temperature System Examined on Mar 31, 2020
This US company has burst on to the scene, brashly naming itself 'feevr' and branding itself as a "COVID 19 - AI BASED NON CONTACT THERMAL...
JCI Coronavirus Cuts on Mar 31, 2020
JCI has made coronavirus cuts, the company told employees in an email that IPVM has reviewed. Inside this note, we examine the cuts made, the...
Add Door Operators To Fight Coronavirus on Mar 31, 2020
IPVM recommends that integrators advocate and end-users consider adding door operators to fight the spread of coronavirus. This delivers...
Video Surveillance Business 101 on Mar 30, 2020
This report explains the fundamental elements of the video surveillance business for those new to the industry. This is part of our Video...
FDA Gives Guidance on 'Coronavirus' Thermal Fever Detection Systems on Mar 30, 2020
The US FDA has given IPVM guidance on the use of thermal fever detection systems being marketed for coronavirus, as an explosion of such devices...
Worsen: Integrators Hit Even Harder By Coronavirus on Mar 30, 2020
Integrator's problems have worsened over the past 2 weeks, according to new IPVM survey results. Inside this report, we share statistics and...
Pivot3 Mass Layoffs on Mar 27, 2020
Pivot3 has conducted mass layoffs, the culmination of grand hopes, a quarter of a billion dollars in VC funding, and multiple failures to gain...
Athena CEO Criticizes 'Deplorable' 'Nitpicking', IPVM Refutes on Mar 27, 2020
UPDATE: NBC News Report Cites IPVM On Coronavirus 'Fever Detection' Cameras Athena Security's CEO Lisa Falzone has strongly objected to IPVM's...
Hikvision Admits Sanctions Harming Its Financial Performance on Mar 27, 2020
While Hikvision initially downplayed being sanctioned for human rights abuses, the company is now admitting a significant impact in a new PRC...