Dahua New Critical Vulnerability 2019

By: John Honovich, Published on Sep 23, 2019

Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored 7.0 - 9.0), found by researchers from the University of Applied Sciences Offenburg who are setting up a startup, IoT Security Systems.

Inside this note, we examine the severity of these vulnerabilities, Dahua's response and impact on dealers and OEMs of Dahua.

These vulnerabilities are in addition and separate from the Dahua wiretapping vulnerability disclosed last month.

***** *** ******* ******** 5 *** *************** ********* 1 ******** ************* **** a *.* / **.* CVSS ***** *** * high *************** (****** *.* - *.*), ***** ** researchers **** ************* ** ******* ******** Offenburg*** *** ******* ** a*******, *** ******** *******.

****** **** ****, ** examine *** ******** ** these ***************, *****'* ******** and ****** ** ******* and **** ** *****.

***** *************** *** ** addition *** ******** ******* ***** *********** ********************** **** *****.

[***************]

Vulnerabilities **********

***** *** ************* *** ***************:

*** **** ****** (***-****-****) **** "** ******** can ***** * ****** overflow ** ************ ********* packets". ** ********** *** *********** ******** to ******** ********* **** **** vulnerability "****** ** ******** to ******* ********* **** on *** ******". **** is *** ** ******** such * ******** (*.* out ** **.*) ***** since ******* *** **** over *** ******, ****** to ****** *** ***** and ******** ******** ** to *** ** ** attack ***** ******* *******.

***** *** ******** **** need ******* ****** ** the *******, ** ******** **** ******** ** 2017******, ***** *** * large ****** ** ***** devices ********* ** *** public ********.

Collection ** **********

************** **** ******** * collection ** *** ********** with *******.

Models ********

*****'* ******************** * **** ** known ******, ***** ** shows * ****, ** estimate ** ** ****** dozens ** ***** ******:

***** ****** *** ***** generation ***** ** ***-**** cameras. *******, *** ******** up ***** ****** **** is ********.

***** ********* ***** ********* about ***** ***** *** models '***** ** ** affected' *** ** ***** presume **** ***** **** all ** **** ** this ***** ***** *** researchers ******** **** ** Dahua * ****** ***, in ***.

Dahua ******** - ** *********, *** *******

***** ** ******* ****** a *********** ********* **, ****. We ***** ******* ***** this ***** ******** ****************, *** ********* *** 2017 ***** ********, ****** **** ********* with **, ******* ********* below:

** ******* *** ** Dahua ** *** ********* 18th, **** ****** ********* *** *** ** disclosure*** ***** ** ** today, ********* **** *** no ******. ***** ***** only **** *****'* *********** vulnerability:

**** ***** *** ******* are ******** ******* *******. As **** *** *******'* ****.

****

*********, ***** **** *** impacted ******* *** *********** originally ***** *************** ** OEMed ***** *******, **** them ********** ** ****:

*** *************** **** ********** identified ** * *****-******* device **** ***** *** the ******* *** *** yet ******** *** *** firmware **** *****

** ****** ***** ***** *** Honeywell ****** *** *********** vulnerability ******, ** ** *** clear **** ** ** the ******* ***** **** will ** **.

**** ** *** ******* example ** *** ******* of ****** **** ****, even **** ** **** the ******* ** ****** from *****.

Issues ******** *** *****

***** *** **** ******* marketing ***** ******** ** improve ***** *************, ********* an*********** ***** ***** '************* Baseline' **** * ******* video **** ******** ***** to * ****** ******* female:

** **** ******* **** video, *** ***** ******* dismissively **** **** ***** problems '**** * ***** ago'. **** *** ****** of ***************, ********* ***** high *** ******** ******, re-raises ***** *********** ******** about *****'* ************* ***************.

Comments (29)

Undisclosed #1

09/23/19 01:18pm

**** ***** ** ******-********. I **** ** *****'* say **** ************, *** it ***** *** *** impression **** * *** part ** *****'* ***** security ******** ********** *** eating ******* ******* ***** focusing ** ***** ***.

Undisclosed Manufacturer #5

In reply to Undisclosed #1 | 09/25/19 12:05pm

**** *** **** ********* oils

Undisclosed #6

In reply to Undisclosed Manufacturer #5 | 09/25/19 12:25pm

*** *** ** ****** your *******!

Undisclosed Manufacturer #2

09/23/19 09:19am

* *** ****** *** this ********** **** *** perfect ****-****** *****...

”*** ****, * **** your *******.”

”***, ****, ** **** FIRMware ********, *** ***?”

”****, ****... *’* ***** to ** * **** dump, * **** *** to ***** ** *******.”

**** ***** *** ****, we **** *** **’* her ***********, *********.

***’* **** *** *** sake **** **’* ******* a ********!

Undisclosed Integrator #3

09/23/19 10:28am

****, **** * *** behind *** ******** ** this ***... :)

***** *** **** ****** circulating *** ** ***** a ****** ** ***** on ********** ***** ***************. I ******* **** **** of *** ******** ******* have **** ******** ** its **** * **** thing *** **'* ** update *** ******** *******.

*'* *** ******** ** for ***** **** ******* to *************, *** **** do (*********, *******) *** things **** *** ******.

** ** ** *****, the ****** ***** ** be ***** ********** **** the ********... ***-******, **********, P2P ********* *** *** accessible ***** ****** *** be ********** ****. ****** update ******** *** ****** the ******** ******** ** course!

****** *** * ********** bad *************, *** *** particularly **** ** ******** and * (** *****) half ****** ********** ********* this.

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********. Cisco *** ***** ********* like ** ****-***** ********* in ***** ********

*. ***** *****, ***** often

*. ****** *** ****** correctly

*. ****** ******* ********

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 09/23/19 10:39am

********* *** ******* ****** 70 ***'* ** ******* update ** *** **** month *****. ***** *** not **** ** ***'* combined *** *****, *** and ****** ********.

********* ************* ***** ** CVE ***** ****** ** silly. *** ***** *** made * ******** ***** about******, *** ******* ***** 516:

** ** *****, *** bigger ***** **** **** comparisons ** **** ******* software ****** *** ****** are *** *****. ********* releases **** ****** ** magnitude **** ******** **** Dahua *** ** ***** far **** ******** **** Dahua.

** *** ********* ********** disagree ***** ******* ***** vulnerabilities ****** ** *** should ** *********** (*.*., integrator ** ************, ***.) but ***** ********** *** count *** '*******' ** judging ************* ** **********.

Undisclosed Integrator #3

In reply to John Honovich | 09/25/19 02:40pm

****,

*** '****** ** ***' for *** ********** ** sources ** ******* **** so * ********* *** of *** **** ****** posting... (***** **'* ***** me **** **** ** address **** *****)

** *** ** ***** - ****(***** ** *** ***** for ********* ***************)

*** **** ******* ** publicly ********** ****:*****://***.*****.***/****/*********/********.***

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** **** * years, **** *** *** results ** ************:

*********: **** = *, 2018 = *, **** = *

*****: **** = *, 2018 = *, **** = **

******: **** =**, **** = **, **** = 237

***** **** = **, 2018 = **, **** = ***

*********: **** = ***, 2018 = ***, **** = ***

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

** ********* ** ********* was ** *** ** in ******* *******. (** would ** *********** ** see ** ********* ***** security ****** ******** *** software ** **** ***** do * ****** ***!)

** ** *****. *** vulnerabilities *** ********* *** need ** ** *********. In *** ******** ********, we ***** * **** higher ******** ** ****** secure ******** - * did *** **** ** give *** ********** ** the ********!!!

********** ** ****** ** product, ***** ** ****** or ********** ** *** body ** ************, **, as *********** **********/*********/*********** **** place * ****** ***** on ********* ********* ** such * *** **** any ****** ************* ** mitigated ** *** *********** we ******* *** **.

* ***** ******* ** this *** *** ****** Underground ***** ******* **** outlets ******* **** *** populace ** *** ***** that *** ******* ********** can *** ********** ** the *** *******. **** cannot ** **** ** the **** ******* ******* were *** *** ********* and *** ** *** CCTV ******** *** ********** isolated **** **** ***** and ** *** ** anywhere **** ************** ******* providers (*** **** ******* owns *** **** *** railway ***** *** **, so ** **** **** connectivity ******* *** *****, they **** ** * fibre)

** ***** *****, **** IF ***** *** * vulnerability **** ******** *** CCTV ******'* *********, ** could *** *** **** gained ******* ****** *** could ** **** **** affected ** (******* ** use ** *** **** overly **** ****** ** mainstream ***** **********) '**** Doors'

bashis mcw

In reply to Undisclosed Integrator #3 | 09/25/19 02:50pm

**** * **** ** give *** ********...

*** *********** *** ***self ******* *** ********** ***** ********* will do their CVE's, no matter if the vulnerability has been found in-house or reported from externally.

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********. **** ***** explain **** *******.

John Honovich

IPVM | In reply to bashis mcw | 09/25/19 02:53pm

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********

******, **** *****. *'* add **** **** * company ****** ****** *** cybersecurity *********** ** *** count, **** **** * massive ************ ** **** CVEs.

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 09/25/19 06:51pm

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** ******?

*** **** ***:

******: **** =**, **** = **, **** = 237

** ** ** **** own *********** ****** *** 237 ** *** **** 3 *****, *** *** you ******** *** *** 'very *******' ** *** "***** *** *** **** 70 ***'* ******** *** Dahua, *** *** ****** combined"??

*****, ** ** *****, ranking ** ********** ******* based ** *** ***** is ********** *** **** by **** *** *****, you *** *****. * just **** *** ** be **** ****** *** do ****** ****-********.

** ***** ** *********** to *** ** ********* wrote ******** ****** ******** and ******** ** **** could ** * ****** job!

** ***** ** *** should *** ******** ********* is ***** * '*****' or '******' *** **** Dahua ***** ** *** counts. ********* ******** **** or ***** *** ****** of **** ***** *** is ***** *** ** 100x, ***. *** ****** of ******** ** *****.

***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'* fairly ******* *** ****** across *********.

Undisclosed Integrator #3

In reply to John Honovich | 09/25/19 07:11pm

****** * ***** ****** from ******** ****... ** comments **** ***** ** 2019 ****. * ******** the **** ***** ***** to **** *******.

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 09/25/19 03:24pm

** ******** **** ***** on **** ****

**,**** ******** ******* ***:

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********.

*****, *** ** *** keep ******** ** *** counts? ** *** ****** think *** *** ************ and ************ ******* ***** to ********* ***** ** CVE ******? **** *** of *** ****** ***** the ********* ***** ****** different ** ***** ** development *** ******** **** any ***** ** ***?

*** *** * *** essentially ********* *** ****** of ****** ***** ** an ******** ******* ** a ***.

Undisclosed #7

In reply to John Honovich | 09/25/19 10:16pm

"***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'*fairly ******* *** ****** ****** *********"

*** **** ***** ****** to *** *** **** comparison?

John Honovich

IPVM | In reply to Undisclosed #7 | 09/25/19 11:55pm

* ***'* **** **** single ****** ***** ** fair / ********. ****** with *****, **** **** to *****.

Undisclosed #7

In reply to John Honovich | 09/26/19 12:00am

***** *** *** ****** is **** ******?

*** **** ***** **** lost ******* ** *** problem

*** ***** **** ******* of *** "*******" ************* problem

John Honovich

IPVM | In reply to Undisclosed #7 | 09/25/19 08:04pm

********* **** ********** $*** *******.

*** ****** ****** ***** surveillance ****** *** ****** or **** **** $** billion.

**'* * *** **** to ******* * ******* whose ******* ** * to ** *** **** of ** ****** ********.

Undisclosed #7

In reply to John Honovich | 09/26/19 12:24am

*** ***** ***** *******

****** *** **** ***** has **** **** ******* of **** "******" **

John Honovich

IPVM | In reply to Undisclosed #7 | 09/25/19 08:27pm

****** *** **** ***** has **** **** ******* of **** "******" **

** ***** ** ****** at ************* **** *********?

** *** '*** ***** about *******', ****** **** to ** ******** ** revenue ** ********** ******** impact *** *** **** or ****.

Undisclosed #7

In reply to John Honovich | 09/26/19 12:31am

*** *** *** ******* an ******* ** *** much ***** **** **** because ** *****

************* *******!

John Honovich

IPVM | In reply to Undisclosed #7 | 09/25/19 08:33pm

*****'* ********* *** ***** example ** *** ******** to **** ***** * lot ** ****** **** cleary **** ** ***** -***** ********* **** ******

Undisclosed #4

In reply to Undisclosed Integrator #3 | 09/25/19 03:05pm

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

****** **** ********* ** primarily * ******** *******, and *** ****** *** primarily ******** *********.

*** ******* ** ********* software ** *******:********** **** multiple ********* *******, ******** browsers, ** ****** ************, to ***, ** ******, to ********* *****, ** remote ****** *** ** on...

***** ******** ** *****, embedded ********, *****, **, ?

*** **** **** ***** of **** **** ********* produce **** *+*+* ?

****** **** ** ** your ********

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

Brian Hampton

IPVMU Certified | In reply to Undisclosed Integrator #3 | 09/25/19 08:27am

** ** *** **** dealer *** *****, **** is *** ***** **** I've ***** ** ***** vulnerabilities. ***** *** * history ** **** ************* and *'* ******* ***** of **. **** ******** with *** ****** ** ignore **** *************** **** attitude ** "**'* ** big ****" ** ***. Their ********* **** ********** lead ** ***** ********. Shame ** **** **** a ***** *******, *** just ***'* ****** *** the ******** ****.

John Honovich

IPVM | In reply to Brian Hampton | 09/25/19 09:49am

*****, ** **** ***** Dahua * *** ***** and * **** **** are ********. ** ** possible **** ***** *** models *** *** ******** though ** ** **** to **** ***** *****'* various ******** *** ***** naming ***********. ****** ***, Dahua *** ****** ******* inform ***** ********. ** we *** *** ********, we **** ****** ****.

Undisclosed #4

09/23/19 10:43am

**** *** ** *** of *** ******, ***’* a ***** *! *** needs * **** *********** partner:

****** **** ******* ** in *****, ** ** is ********** * ******, and *** **** ***** to **** *** ********* on * ****...

*** ***, ******* *** outward *******, ** ***** quite ********** :)

bashis mcw

09/23/19 04:25pm

*********** *****, *******,

[*] *****'* **** ** my "***-*********-*, *****: ****-**-** 09:30:50, *******: *.***.*******.**.*" ** it *** ****** *** not *****.

[*] ***** *** ** be ******* ** ***** device ******.

* **** *** **** [4] & [*] ** bit ***********, ** **** reporting ****** ********... (**, they **** ** ***, but * ***** ***** is ******* ********** */ obfuscated ******* *** **** about **)

********, * ******* ***** that *** ***** *****/********* should ** ********!

[*], [*] *** [*] is ****** ****, ******* new.

[*] ** ********, ** I ****'* ***** **** on **, *** ***** interesting.

bashis mcw

12/08/19 10:41pm

***** **** *** '*****-**' has **** '******-****', ** *** * miss *********?

Undisclosed Integrator #8

In reply to bashis mcw | 12/09/19 09:46am

****** **** *** ****** Nussko ***'* *** ******** about *** ******** ******* on ***** ******** ********. Dennis ******** *****'* **** a ******** *******.

*** ****** ************ **** expire **** *********.

*** **** ***** * 404 **** ***** ****, but ***** ***-*** ** response ** ****** ***** to ***** *** ***********. If **** ****** ***** hosting *******, *'* *** sure *** *** ****** would ******* **** ***, unless *** ******* ******* is ****** ** ******** things ** *** ********** in **** *** ******* is ********.

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

Thomas Vogt

In reply to Undisclosed Integrator #8 | 01/27/20 01:22pm

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

*** *** ***** ;) - ** *** *** wrong **** ** ***** our *** ********.

John Honovich

IPVM | In reply to bashis mcw | 12/09/19 09:57am

* ******* *** ******* at *** ***** ** clarify. *** ***** ** that ****** **** *** not ******, ***. ** or **** **** *******, I'll ****** ***********.

Read this IPVM report for free.

This article is part of IPVM's 6,367 reports, 855 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Related Reports

Dahua Critical Cloud Vulnerabilities on May 12, 2020

Dahua has acknowledged a series of cloud vulnerabilities that researcher Bashis discovered. Additionally, and separately, researcher Thomas Vogt...

Dahua Wiretapping Vulnerability on Aug 02, 2019

IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...

Dahua USA Celebrates 5 Years of Errors on May 22, 2019

Dahua USA is, in their own words, 'celebrating' 5 years in North America or as trade magazine SSN declared: Dahua Technology finds success in...

Bosch VDOO 2018 Vulnerability on Dec 20, 2018

Security research firm VDOO has discovered a critical vulnerability in Bosch IP cameras. Inside, we cover the available details of this new...

SimpliSafe Violating California, Florida, and Texas Licensing Laws on Aug 14, 2018

IPVM has verified that DIY security system provider SimpliSafe, founded in 2006 and acquired in June of 2018 at a billion dollar valuation, is...

Sony Gen 5 IP Cameras Critical Vulnerabilities on Jul 26, 2018

Cybersecurity vulnerabilities remain prevalent in video surveillance devices. Now Talos researchers have discovered multiple vulnerabilities in...

Axis 5 Vulnerabilities Examined on Dec 01, 2017

A group of vulnerabilities, including a new discovery from bashis (who previously found one of the Dahua backdoors and the 2016 Axis critical...

Dahua Hard-Coded Credentials Vulnerability on Nov 20, 2017

A newly discovered Dahua backdoor is described by the researcher discovering it as: not the result of an accidental logic error or poor...

Uniview Recorder Backdoor Examined on Oct 20, 2017

A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...

1 Million Dahua Devices Exposed To Backdoor on Mar 22, 2017

Statistics show that 1 million Dahua devices are publicly exposed and vulnerable to the Dahua backdoor. Despite this, Dahua has downplayed the...

Most Recent Industry Reports

Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020

Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...

Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020

Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...

Uniview Wrist Temperature Reader Tested on Jul 02, 2020

Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...

Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020

Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...