Dahua New Critical Vulnerability 2019

By John Honovich, Published Sep 23, 2019, 08:51am EDT

Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored 7.0 - 9.0), found by researchers from the University of Applied Sciences Offenburg who are setting up a startup, IoT Security Systems.

IPVM Image

Inside this note, we examine the severity of these vulnerabilities, Dahua's response and impact on dealers and OEMs of Dahua.

These vulnerabilities are in addition and separate from the Dahua wiretapping vulnerability disclosed last month.

Vulnerabilities **********

***** *** ************* *** ***************:

IPVM Image

*** **** ****** (***-****-****) **** "** ******** can ***** * ****** overflow ** ************ ********* packets". ** ********** *** *********** ******** to ******** ********* **** **** vulnerability "****** ** ******** to ******* ********* **** on *** ******". **** is *** ** ******** such * ******** (*.* out ** **.*) ***** since ******* *** **** over *** ******, ****** to ****** *** ***** and ******** ******** ** to *** ** ** attack ***** ******* *******.

***** *** ******** **** need ******* ****** ** the *******, ** ******** **** ******** ** 2017******, ***** *** * large ****** ** ***** devices ********* ** *** public ********.

Collection ** **********

************** **** ******** * collection ** *** ********** with *******.

Models ********

*****'* ******************** * **** ** known ******, ***** ** shows * ****, ** estimate ** ** ****** dozens ** ***** ******:

IPVM Image

***** ****** *** ***** generation ***** ** ***-**** cameras. *******, *** ******** up ***** ****** **** is ********.

***** ********* ***** ********* about ***** ***** *** models '***** ** ** affected' *** ** ***** presume **** ***** **** all ** **** ** this ***** ***** *** researchers ******** **** ** Dahua * ****** ***, in ***.

Dahua ******** - ** *********, *** *******

***** ** ******* ****** a *********** ********* **, ****. We ***** ******* ***** this ***** ******** ****************, *** ********* *** 2017 ***** ********, ****** **** ********* with **, ******* ********* below:

IPVM Image

** ******* *** ** Dahua ** *** ********* 18th, **** ****** ********* *** *** ** disclosure*** ***** ** ** today, ********* **** *** no ******. ***** ***** only **** *****'* *********** vulnerability:

IPVM Image

**** ***** *** ******* are ******** ******* *******. As **** *** *******'* ****.

****

*********, ***** **** *** impacted ******* *** *********** originally ***** *************** ** OEMed ***** *******, **** them ********** ** ****:

*** *************** **** ********** identified ** * *****-******* device **** ***** *** the ******* *** *** yet ******** *** *** firmware **** *****

** ****** ***** ***** *** Honeywell ****** *** *********** vulnerability ******, ** ** *** clear **** ** ** the ******* ***** **** will ** **.

**** ** *** ******* example ** *** ******* of ****** **** ****, even **** ** **** the ******* ** ****** from *****.

Issues ******** *** *****

***** *** **** ******* marketing ***** ******** ** improve ***** *************, ********* an*********** ***** ***** '************* Baseline' **** * ******* video **** ******** ***** to * ****** ******* female:

** **** ******* **** video, *** ***** ******* dismissively **** **** ***** problems '**** * ***** ago'. **** *** ****** of ***************, ********* ***** high *** ******** ******, re-raises ***** *********** ******** about *****'* ************* ***************.

Comments (29)

**** ***** ** ******-********. I **** ** *****'* say **** ************, *** it ***** *** *** impression **** * *** part ** *****'* ***** security ******** ********** *** eating ******* ******* ***** focusing ** ***** ***.

**** *** **** ********* oils

*** *** ** ****** your *******!

* *** ****** *** this ********** **** *** perfect ****-****** *****...

”*** ****, * **** your *******.”

”***, ****, ** **** FIRMware ********, *** ***?”

”****, ****... *’* ***** to ** * **** dump, * **** *** to ***** ** *******.”

**** ***** *** ****, we **** *** **’* her ***********, *********.

***’* **** *** *** sake **** **’* ******* a ********!

****, **** * *** behind *** ******** ** this ***... :)

***** *** **** ****** circulating *** ** ***** a ****** ** ***** on ********** ***** ***************. I ******* **** **** of *** ******** ******* have **** ******** ** its **** * **** thing *** **'* ** update *** ******** *******.

*'* *** ******** ** for ***** **** ******* to *************, *** **** do (*********, *******) *** things **** *** ******.

** ** ** *****, the ****** ***** ** be ***** ********** **** the ********... ***-******, **********, P2P ********* *** *** accessible ***** ****** *** be ********** ****. ****** update ******** *** ****** the ******** ******** ** course!

****** *** * ********** bad *************, *** *** particularly **** ** ******** and * (** *****) half ****** ********** ********* this.

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********. Cisco *** ***** ********* like ** ****-***** ********* in ***** ********

*. ***** *****, ***** often

*. ****** *** ****** correctly

*. ****** ******* ********

********* *** ******* ****** 70 ***'* ** ******* update ** *** **** month *****. ***** *** not **** ** ***'* combined *** *****, *** and ****** ********.

********* ************* ***** ** CVE ***** ****** ** silly. *** ***** *** made * ******** ***** about******, *** ******* ***** 516:

** ** *****, *** bigger ***** **** **** comparisons ** **** ******* software ****** *** ****** are *** *****. ********* releases **** ****** ** magnitude **** ******** **** Dahua *** ** ***** far **** ******** **** Dahua.

** *** ********* ********** disagree ***** ******* ***** vulnerabilities ****** ** *** should ** *********** (*.*., integrator ** ************, ***.) but ***** ********** *** count *** '*******' ** judging ************* ** **********.

****,

*** '****** ** ***' for *** ********** ** sources ** ******* **** so * ********* *** of *** **** ****** posting... (***** **'* ***** me **** **** ** address **** *****)

** *** ** ***** - ****(***** ** *** ***** for ********* ***************)

*** **** ******* ** publicly ********** ****:*****://***.*****.***/****/*********/********.***

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** **** * years, **** *** *** results ** ************:

*********: **** = *, 2018 = *, **** = *

*****: **** = *, 2018 = *, **** = **

******: **** =**, **** = **, **** = 237

***** **** = **, 2018 = **, **** = ***

*********: **** = ***, 2018 = ***, **** = ***

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

** ********* ** ********* was ** *** ** in ******* *******. (** would ** *********** ** see ** ********* ***** security ****** ******** *** software ** **** ***** do * ****** ***!)

** ** *****. *** vulnerabilities *** ********* *** need ** ** *********. In *** ******** ********, we ***** * **** higher ******** ** ****** secure ******** - * did *** **** ** give *** ********** ** the ********!!!

********** ** ****** ** product, ***** ** ****** or ********** ** *** body ** ************, **, as *********** **********/*********/*********** **** place * ****** ***** on ********* ********* ** such * *** **** any ****** ************* ** mitigated ** *** *********** we ******* *** **.

* ***** ******* ** this *** *** ****** Underground ***** ******* **** outlets ******* **** *** populace ** *** ***** that *** ******* ********** can *** ********** ** the *** *******. **** cannot ** **** ** the **** ******* ******* were *** *** ********* and *** ** *** CCTV ******** *** ********** isolated **** **** ***** and ** *** ** anywhere **** ************** ******* providers (*** **** ******* owns *** **** *** railway ***** *** **, so ** **** **** connectivity ******* *** *****, they **** ** * fibre)

** ***** *****, **** IF ***** *** * vulnerability **** ******** *** CCTV ******'* *********, ** could *** *** **** gained ******* ****** *** could ** **** **** affected ** (******* ** use ** *** **** overly **** ****** ** mainstream ***** **********) '**** Doors'

**** * **** ** give *** ********...

*** *********** *** ***self ******* *** ********** ***** ********* will do their CVE's, no matter if the vulnerability has been found in-house or reported from externally.

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********. **** ***** explain **** *******.

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********

******, **** *****. *'* add **** **** * company ****** ****** *** cybersecurity *********** ** *** count, **** **** * massive ************ ** **** CVEs.

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** ******?

*** **** ***:

******: **** =**, **** = **, **** = 237

** ** ** **** own *********** ****** *** 237 ** *** **** 3 *****, *** *** you ******** *** *** 'very *******' ** *** "***** *** *** **** 70 ***'* ******** *** Dahua, *** *** ****** combined"??

*****, ** ** *****, ranking ** ********** ******* based ** *** ***** is ********** *** **** by **** *** *****, you *** *****. * just **** *** ** be **** ****** *** do ****** ****-********.

** ***** ** *********** to *** ** ********* wrote ******** ****** ******** and ******** ** **** could ** * ****** job!

** ***** ** *** should *** ******** ********* is ***** * '*****' or '******' *** **** Dahua ***** ** *** counts. ********* ******** **** or ***** *** ****** of **** ***** *** is ***** *** ** 100x, ***. *** ****** of ******** ** *****.

***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'* fairly ******* *** ****** across *********.

****** * ***** ****** from ******** ****... ** comments **** ***** ** 2019 ****. * ******** the **** ***** ***** to **** *******.

** ******** **** ***** on **** ****

**,**** ******** ******* ***:

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********.

*****, *** ** *** keep ******** ** *** counts? ** *** ****** think *** *** ************ and ************ ******* ***** to ********* ***** ** CVE ******? **** *** of *** ****** ***** the ********* ***** ****** different ** ***** ** development *** ******** **** any ***** ** ***?

*** *** * *** essentially ********* *** ****** of ****** ***** ** an ******** ******* ** a ***.

"***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'*fairly ******* *** ****** ****** *********"

*** **** ***** ****** to *** *** **** comparison?

* ***'* **** **** single ****** ***** ** fair / ********. ****** with *****, **** **** to *****.

***** *** *** ****** is **** ******?

*** **** ***** **** lost ******* ** *** problem

*** ***** **** ******* of *** "*******" ************* problem

********* **** ********** $*** *******.

*** ****** ****** ***** surveillance ****** *** ****** or **** **** $** billion.

**'* * *** **** to ******* * ******* whose ******* ** * to ** *** **** of ** ****** ********.

*** ***** ***** *******

****** *** **** ***** has **** **** ******* of **** "******" **

****** *** **** ***** has **** **** ******* of **** "******" **

** ***** ** ****** at ************* **** *********?

** *** '*** ***** about *******', ****** **** to ** ******** ** revenue ** ********** ******** impact *** *** **** or ****.

*** *** *** ******* an ******* ** *** much ***** **** **** because ** *****

************* *******!

*****'* ********* *** ***** example ** *** ******** to **** ***** * lot ** ****** **** cleary **** ** ***** -***** ********* **** ******

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

****** **** ********* ** primarily * ******** *******, and *** ****** *** primarily ******** *********.

*** ******* ** ********* software ** *******:********** **** multiple ********* *******, ******** browsers, ** ****** ************, to ***, ** ******, to ********* *****, ** remote ****** *** ** on...

***** ******** ** *****, embedded ********, *****, **, ?

*** **** **** ***** of **** **** ********* produce **** *+*+* ?

****** **** ** ** your ********

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

** ** *** **** dealer *** *****, **** is *** ***** **** I've ***** ** ***** vulnerabilities. ***** *** * history ** **** ************* and *'* ******* ***** of **. **** ******** with *** ****** ** ignore **** *************** **** attitude ** "**'* ** big ****" ** ***. Their ********* **** ********** lead ** ***** ********. Shame ** **** **** a ***** *******, *** just ***'* ****** *** the ******** ****.

*****, ** **** ***** Dahua * *** ***** and * **** **** are ********. ** ** possible **** ***** *** models *** *** ******** though ** ** **** to **** ***** *****'* various ******** *** ***** naming ***********. ****** ***, Dahua *** ****** ******* inform ***** ********. ** we *** *** ********, we **** ****** ****.

**** *** ** *** of *** ******, ***’* a ***** *! *** needs * **** *********** partner:

****** **** ******* ** in *****, ** ** is ********** * ******, and *** **** ***** to **** *** ********* on * ****...

*** ***, ******* *** outward *******, ** ***** quite ********** :)

*********** *****, *******,

[*] *****'* **** ** my "***-*********-*, *****: ****-**-** 09:30:50, *******: *.***.*******.**.*" ** it *** ****** *** not *****.

[*] ***** *** ** be ******* ** ***** device ******.

* **** *** **** [4] & [*] ** bit ***********, ** **** reporting ****** ********... (**, they **** ** ***, but * ***** ***** is ******* ********** */ obfuscated ******* *** **** about **)

********, * ******* ***** that *** ***** *****/********* should ** ********!

[*], [*] *** [*] is ****** ****, ******* new.

[*] ** ********, ** I ****'* ***** **** on **, *** ***** interesting.

***** **** *** '*****-**' has **** '******-****', ** *** * miss *********?

****** **** *** ****** Nussko ***'* *** ******** about *** ******** ******* on ***** ******** ********. Dennis ******** *****'* **** a ******** *******.

*** ****** ************ **** expire **** *********.

*** **** ***** * 404 **** ***** ****, but ***** ***-*** ** response ** ****** ***** to ***** *** ***********. If **** ****** ***** hosting *******, *'* *** sure *** *** ****** would ******* **** ***, unless *** ******* ******* is ****** ** ******** things ** *** ********** in **** *** ******* is ********.

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

*** *** ***** ;) - ** *** *** wrong **** ** ***** our *** ********.

* ******* *** ******* at *** ***** ** clarify. *** ***** ** that ****** **** *** not ******, ***. ** or **** **** *******, I'll ****** ***********.

Read this IPVM report for free.

This article is part of IPVM's 6,653 reports, 896 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports