Dahua New Critical Vulnerability 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored 7.0 - 9.0), found by researchers from the University of Applied Sciences Offenburg who are setting up a startup, IoT Security Systems.
Inside this note, we examine the severity of these vulnerabilities, Dahua's response, and the impact on Dahua dealers and OEMs.
These vulnerabilities are in addition to, and separate from, the Dahua wiretapping vulnerability disclosed last month.
Vulnerabilities **********
***** *** ************* *** ***************:
*** **** ****** (***-****-****) **** "** ******** *** ***** a ****** ******** ** ************ ********* packets". ** ********** *** *********** ******** ** ******** ********* **** **** ************* "****** an ******** ** ******* ********* **** on *** ******". **** ** *** it ******** **** * ******** (*.* out ** **.*) ***** ***** ******* can **** **** *** ******, ****** to ****** *** ***** *** ******** directly ** ** *** ** ** attack ***** ******* *******.
***** *** ******** **** **** ******* access ** *** *******, ** ******** **** ******** ** **********, ***** *** * ***** ****** of ***** ******* ********* ** *** public ********.
Collection ** **********
************** **** ******** * ********** ** the ********** **** *******.
Models ********
*****'* ******************** * **** ** ***** ******, while ** ***** * ****, ** estimate ** ** ****** ****** ** total ******:
***** ****** *** ***** ********** ***** to ***-**** *******. *******, *** ******** up ***** ****** **** ** ********.
***** ********* ***** ********* ***** ***** being *** ****** '***** ** ** affected' *** ** ***** ******* **** would **** *** ** **** ** this ***** ***** *** *********** ******** this ** ***** * ****** ***, in ***.
Dahua ******** - ** *********, *** *******
***** ** ******* ****** * *********** ********* **, ****. ** ***** nothing ***** **** ***** ******** ****************, *** ********* *** **** ***** backdoor, ****** **** ********* **** **, partial ********* *****:
** ******* *** ** ***** ** the ********* ****, **** ****** ********* *** *** ** ************* ***** ** ** *****, ********* 23rd *** ** ******. ***** ***** only **** *****'* *********** *************:
**** ***** *** ******* *** ******** remains *******. ** **** *** *******'* ****.
****
*********, ***** **** *** ******** ******* the *********** ********** ***** *************** ** OEMed ***** *******, **** **** ********** to ****:
*** *************** **** ********** ********** ** a *****-******* ****** **** ***** *** the ******* *** *** *** ******** the *** ******** **** *****
** ****** ***** ***** *** ********* ****** the *********** ************* ******, ** ** *** ***** **** or ** *** ******* ***** **** will ** **.
**** ** *** ******* ******* ** the ******* ** ****** **** ****, even **** ** **** *** ******* of ****** **** *****.
Issues ******** *** *****
***** *** **** ******* ********* ***** claiming ** ******* ***** *************, ********* an*********** ***** ***** '************* ********' **** * ******* ***** **** compares ***** ** * ****** ******* female:
** **** ******* **** *****, *** Dahua ******* ************ **** **** ***** problems '**** * ***** ***'. **** new ****** ** ***************, ********* ***** high *** ******** ******, **-****** ***** significant ******** ***** *****'* ************* ***************.
* *** ****** *** **** ********** into *** ******* ****-****** *****...
"*** ****, * **** **** *******."
"***, ****, ** **** ******** ********, big ***?"
"****, ****... *’* ***** ** ** a **** ****, * **** *** to ***** ** *******."
**** ***** *** ****, ** **** out **’* *** ***********, *********.
***’* **** *** *** **** **** he’s ******* * ********!
****, **** * *** ****** *** timeline ** **** ***... :)
***** *** **** ****** *********** *** at ***** * ****** ** ***** on ********** ***** ***************. * ******* that **** ** *** ******** ******* have **** ******** ** *** **** a **** ***** *** **'* ** update *** ******** *******.
*'* *** ******** ** *** ***** with ******* ** *************, *** **** do (*********, *******) *** ****** **** are ******.
** ** ** *****, *** ****** needs ** ** ***** ********** **** the ********... ***-******, **********, *** ********* and *** ********** ***** ****** *** be ********** ****. ****** ****** ******** and ****** *** ******** ******** ** course!
****** *** * ********** *** *************, its *** ************ **** ** ******** and * (** *****) **** ****** deployment ********* ****.
** *** **** ** ***********, ********* has ******* ****** ** ***'* ** Windows ****** ** *** **** ***** alone. ***** *** *** **** ** CVE's ******** *** *****, *** *** Huawei ********. ***** *** ***** ********* like ** ****-***** ********* ** ***** products
*. ***** *****, ***** *****
*. ****** *** ****** *********
*. ****** ******* ********
********* *** ******* ****** ** ***'* in ******* ****** ** *** **** month *****. ***** *** *** **** 70 ***'* ******** *** *****, *** and ****** ********.
********* ************* ***** ** *** ***** counts ** *****. *** ***** *** made * ******** ***** ***********, *** ******* ***** ***:
** ** *****, *** ****** ***** with **** *********** ** **** ******* software ****** *** ****** *** *** equal. ********* ******** **** ****** ** magnitude **** ******** **** ***** *** is ***** *** **** ******** **** Dahua.
** *** ********* ********** ******** ***** whether ***** *************** ****** ** *** should ** *********** (*.*., ********** ** manufacturer, ***.) *** ***** ********** *** count *** '*******' ** ******* ************* is **********.
****,
*** '****** ** ***' *** *** validating ** ******* ** ******* **** so * ********* *** ** *** data ****** *******... (***** **'* ***** me **** **** ** ******* **** reply)
** *** ** ***** - ****(***** ** *** ***** *** ********* vulnerabilities)
*** **** ******* ** ******** ********** here:*****://***.*****.***/****/*********/********.***
** ********* ** "********* *** ******* around ** ***'* ** ******* ****** in *** **** ***** *****. ***** are *** **** ** ***'* ******** for *****, *** *** ****** ********." is **** *******.
*** *** **** * *****, **** are *** ******* ** ************:
*********: **** = *, **** = 2, **** = *
*****: **** = *, **** = 0, **** = **
******: **** = **, **** = **, 2017 = ***
***** **** = **, **** = 55, **** = ***
*********: **** = ***, **** = 479, **** = ***
*+*+* ** % ** ********* = 2019 = **.*%, **** = **.*%, 2017 = **%
** ********* ** ********* *** ** put ** ** ******* *******. (** would ** *********** ** *** ** Microsoft ***** ******** ****** ******** *** software ** **** ***** ** * better ***!)
** ** *****. *** *************** *** important *** **** ** ** *********. In *** ******** ********, ** ***** a **** ****** ******** ** ****** secure ******** - * *** *** mean ** **** *** ********** ** the ********!!!
********** ** ****** ** *******, ***** to ****** ** ********** ** *** body ** ************, **, ** *********** installers/designers/maintainers **** ***** * ****** ***** on ********* ********* ** **** * way **** *** ****** ************* ** mitigated ** *** *********** ** ******* for **.
* ***** ******* ** **** *** the ****** *********** ***** ******* **** outlets ******* **** *** ******** ** the ***** **** *** ******* ********** can *** ********** ** *** *** cameras. **** ****** ** **** ** the **** ******* ******* **** *** all ********* *** *** ** *** CCTV ******** *** ********** ******** **** each ***** *** ** *** ** anywhere **** ************** ******* ********* (*** tube ******* **** *** **** *** railway ***** *** **, ** ** they **** ************ ******* *** *****, they **** ** * *****)
** ***** *****, **** ** ***** was * ************* **** ******** *** CCTV ******'* *********, ** ***** *** not **** ****** ******* ****** *** could ** **** **** ******** ** (forgive ** *** ** *** **** overly **** ****** ** ********** ***** journalism) '**** *****'
**** * **** ** **** *** comments...
*** *********** *** ***self ******* *** ********** ***** ********* will do their CVEs, no matter whether the vulnerability has been found in-house or reported externally.
**** ************ ** *** **** *** CVE's ** ***, ********** ** ** notifications ** ******** ***** *** *********. That ***** ******* **** *******.
**** ************ ** *** **** *** CVE's ** ***, ********** ** ** notifications ** ******** ***** *** *********
******, **** *****. *'* *** **** when * ******* ****** ****** *** cybersecurity *********** ** *** *****, **** have * ******* ************ ** **** CVEs.
** ********* ** "********* *** ******* around ** ***'* ** ******* ****** in *** **** ***** *****. ***** are *** **** ** ***'* ******** for *****, *** *** ****** ********." is **** *******.
*** *** ******?
*** **** ***:
******: **** = **, **** = **, 2017 = ***
** ** ** **** *** *********** Huawei *** *** ** *** **** 3 *****, *** *** *** ******** you *** '**** *******' ** *** "***** *** *** **** ** ***'* combined *** *****, *** *** ****** combined"??
*****, ** ** *****, ******* ** evaluating ******* ***** ** *** ***** is ********** *** **** ** **** own *****, *** *** *****. * just **** *** ** ** **** sloppy *** ** ****** ****-********.
** ***** ** *********** ** *** if ********* ***** ******** ****** ******** and ******** ** **** ***** ** a ****** ***!
** ***** ** *** ****** *** conclude ********* ** ***** * '*****' or '******' *** **** ***** ***** on *** ******. ********* ******** **** or ***** *** ****** ** **** Dahua *** ** ***** *** ** 100x, ***. *** ****** ** ******** of *****.
***** ********* ** ***** ** ******** development **** ***** *** ****** **** on *** ****** ** ******* ***** you ***'* ****** ******* *** ****** across *********.
****** * ***** ****** **** ******** post... ** ******** **** ***** ** 2019 ****. * ******** *** **** three ***** ** **** *******.
** ******** **** ***** ** **** only
** *** **** ** ***********, ********* has ******* ****** ** ***'* ** Windows ****** ** *** **** ***** alone. ***** *** *** **** ** CVE's ******** *** *****, *** *** Huawei ********.
*****, *** ** *** **** ******** on *** ******? ** *** ****** think *** *** ************ *** ************ compare ***** ** ********* ***** ** CVE ******? **** *** ** *** points ***** *** ********* ***** ****** different ** ***** ** *********** *** scrutiny **** *** ***** ** ***?
*** *** * *** *********** ********* the ****** ** ****** ***** ** an ******** ******* ** * ***.
"***** ********* ** ***** ** ******** development **** ***** *** ****** **** on *** ****** ** ******* ***** you ***'* fairly ******* *** ****** ****** *********"
*** **** ***** ****** ** *** for **** **********?
* ***'* **** **** ****** ****** would ** **** / ********. ****** with *****, **** **** ** *****.
***** *** *** ****** ** **** metric?
*** **** ***** **** **** ******* of *** *******
*** ***** **** ******* ** *** "cameras" ************* *******
********* **** ********** $*** *******.
*** ****** ****** ***** ************ ****** was ****** ** **** **** $** billion.
**'* * *** **** ** ******* a ******* ***** ******* ** * to ** *** **** ** ** entire ********.
*** ***** ***** *******
****** *** **** ***** *** **** lost ******* ** **** "******" **
****** *** **** ***** *** **** lost ******* ** **** "******" **
** ***** ** ****** ** ************* than *********?
** *** '*** ***** ***** *******', losses **** ** ** ******** ** revenue ** ********** ******** ****** *** net **** ** ****.
*** *** *** ******* ** ******* of *** **** ***** **** **** because ** *****
************* *******!
*****'* ********* *** ***** ******* ** the ******** ** **** ***** * lot ** ****** **** ****** **** on ***** -***** ********* **** ******
** ********* ** "********* *** ******* around ** ***'* ** ******* ****** in *** **** ***** *****. ***** are *** **** ** ***'* ******** for *****, *** *** ****** ********." is **** *******.
****** **** ********* ** ********* * software *******, *** *** ****** *** primarily ******** *********.
*** ******* ** ********* ******** ** immense: everything **** ******** ********* *******, ******** browsers, ** ****** ************, ** ***, to ******, ** ********* *****, ** remote ****** *** ** **...
***** ******** ** *****, ******** ********, tools, **, ?
*** **** **** ***** ** **** does ********* ******* **** *+*+* ?
****** **** ** ** **** ********
*+*+* ** % ** ********* = 2019 = **.*%, **** = **.*%, 2017 = **%
** ** *** **** ****** *** Dahua, **** ** *** ***** **** I've ***** ** ***** ***************. ***** has * ******* ** **** ************* and *'* ******* ***** ** **. This ******** **** *** ****** ** ignore **** *************** **** ******** ** "it's ** *** ****" ** ***. Their ********* **** ********** **** ** their ********. ***** ** **** **** a ***** *******, *** **** ***'* figure *** *** ******** ****.
*****, ** **** ***** ***** * few ***** *** * **** **** are ********. ** ** ******** **** Dahua *** ****** *** *** ******** though ** ** **** ** **** given *****'* ******* ******** *** ***** naming ***********. ****** ***, ***** *** should ******* ****** ***** ********. ** we *** *** ********, ** **** update ****.
**** *** ** *** ** *** league, ***’* * ***** *! *** needs * **** *********** *******:
****** **** ******* ** ** *****, as ** ** ********** * ******, and *** **** ***** ** **** out ********* ** * ****...
*** ***, ******* *** ******* *******, is ***** ***** ********** :)
*********** *****, *******,
[*] *****'* **** ** ** "***-*********-*, Build: ****-**-** **:**:**, *******: *.***.*******.**.*" ** it *** ****** *** *** *****.
[*] ***** *** ** ** ******* on ***** ****** ******.
* **** *** **** [*] & [5] ** *** ***********, ** **** reporting ****** ********... (**, **** **** my ***, *** * ***** ***** is ******* ********** */ ********** ******* and **** ***** **)
********, * ******* ***** **** *** Debug *****/********* ****** ** ********!
[*], [*] *** [*] ** ****** know, ******* ***.
[*] ** ********, ** * ****'* spend **** ** **, *** ***** interesting.
***** **** *** '*****-**' *** **** '******-****', ** *** * **** *********?
****** **** *** ****** ****** ***'* say ******** ***** *** ******** ******* on ***** ******** ********. ****** ******** doesn't **** * ******** *******.
*** ****** ************ **** ****** **** September.
*** **** ***** * *** **** using ****, *** ***** ***-*** ** response ** ****** ***** ** ***** TLS ***********. ** **** ****** ***** hosting *******, *'* *** **** *** the ****** ***** ******* **** ***, unless *** ******* ******* ** ****** to ******** ****** ** *** ********** in **** *** ******* ** ********.
**'* **** ******** **** *** * speculative *******, **** ***** ** *** a *** ***** ** ******, *** then ******* ** ******'* ****.
**'* **** ******** **** *** * speculative *******, **** ***** ** *** a *** ***** ** ******, *** then ******* ** ******'* ****.
*** *** ***** ;) - ** was *** ***** **** ** ***** our *** ********.
* ******* *** ******* ** *** group ** *******. *** ***** ** that ****** **** *** *** ******, fyi. ** ** **** **** *******, I'll ****** ***********.
**** ***** ** ******-********. * **** it *****'* *** **** ************, *** it ***** *** *** ********** **** a *** **** ** *****'* ***** security ******** ********** *** ****** ******* produce ***** ******** ** ***** ***.