Dahua New Critical Vulnerability 2019

By John Honovich, Published Sep 23, 2019, 08:51am EDT

Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored 7.0 - 9.0), found by researchers from the University of Applied Sciences Offenburg who are setting up a startup, IoT Security Systems.

IPVM Image

Inside this note, we examine the severity of these vulnerabilities, Dahua's response and impact on dealers and OEMs of Dahua.

These vulnerabilities are in addition and separate from the Dahua wiretapping vulnerability disclosed last month.

Vulnerabilities **********

***** *** ************* *** ***************:

IPVM Image

*** **** ****** (***-****-****) **** "** ******** can ***** * ****** overflow ** ************ ********* packets". ** ********** *** *********** ******** to ******** ********* **** **** vulnerability "****** ** ******** to ******* ********* **** on *** ******". **** is *** ** ******** such * ******** (*.* out ** **.*) ***** since ******* *** **** over *** ******, ****** to ****** *** ***** and ******** ******** ** to *** ** ** attack ***** ******* *******.

***** *** ******** **** need ******* ****** ** the *******, ** ******** **** ******** ** 2017******, ***** *** * large ****** ** ***** devices ********* ** *** public ********.

Collection ** **********

************** **** ******** * collection ** *** ********** with *******.

Models ********

*****'* ******************** * **** ** known ******, ***** ** shows * ****, ** estimate ** ** ****** dozens ** ***** ******:

IPVM Image

***** ****** *** ***** generation ***** ** ***-**** cameras. *******, *** ******** up ***** ****** **** is ********.

***** ********* ***** ********* about ***** ***** *** models '***** ** ** affected' *** ** ***** presume **** ***** **** all ** **** ** this ***** ***** *** researchers ******** **** ** Dahua * ****** ***, in ***.

Dahua ******** - ** *********, *** *******

***** ** ******* ****** a *********** ********* **, ****. We ***** ******* ***** this ***** ******** ****************, *** ********* *** 2017 ***** ********, ****** **** ********* with **, ******* ********* below:

IPVM Image

** ******* *** ** Dahua ** *** ********* 18th, **** ****** ********* *** *** ** disclosure*** ***** ** ** today, ********* **** *** no ******. ***** ***** only **** *****'* *********** vulnerability:

IPVM Image

**** ***** *** ******* are ******** ******* *******. As **** *** *******'* ****.

****

*********, ***** **** *** impacted ******* *** *********** originally ***** *************** ** OEMed ***** *******, **** them ********** ** ****:

*** *************** **** ********** identified ** * *****-******* device **** ***** *** the ******* *** *** yet ******** *** *** firmware **** *****

** ****** ***** ***** *** Honeywell ****** *** *********** vulnerability ******, ** ** *** clear **** ** ** the ******* ***** **** will ** **.

**** ** *** ******* example ** *** ******* of ****** **** ****, even **** ** **** the ******* ** ****** from *****.

Issues ******** *** *****

***** *** **** ******* marketing ***** ******** ** improve ***** *************, ********* an*********** ***** ***** '************* Baseline' **** * ******* video **** ******** ***** to * ****** ******* female:

** **** ******* **** video, *** ***** ******* dismissively **** **** ***** problems '**** * ***** ago'. **** *** ****** of ***************, ********* ***** high *** ******** ******, re-raises ***** *********** ******** about *****'* ************* ***************.

Comments (29)

Undisclosed #1

09/23/19 08:18am

**** ***** ** ******-********. I **** ** *****'* say **** ************, *** it ***** *** *** impression **** * *** part ** *****'* ***** security ******** ********** *** eating ******* ******* ***** focusing ** ***** ***.

Undisclosed Integrator #5

In reply to Undisclosed #1 | 09/25/19 07:05am

**** *** **** ********* oils

Undisclosed #6

In reply to Undisclosed Integrator #5 | 09/25/19 07:25am

*** *** ** ****** your *******!

Undisclosed Manufacturer #2

09/23/19 08:19am

* *** ****** *** this ********** **** *** perfect ****-****** *****...

”*** ****, * **** your *******.”

”***, ****, ** **** FIRMware ********, *** ***?”

”****, ****... *’* ***** to ** * **** dump, * **** *** to ***** ** *******.”

**** ***** *** ****, we **** *** **’* her ***********, *********.

***’* **** *** *** sake **** **’* ******* a ********!

Undisclosed Integrator #3

09/23/19 09:28am

****, **** * *** behind *** ******** ** this ***... :)

***** *** **** ****** circulating *** ** ***** a ****** ** ***** on ********** ***** ***************. I ******* **** **** of *** ******** ******* have **** ******** ** its **** * **** thing *** **'* ** update *** ******** *******.

*'* *** ******** ** for ***** **** ******* to *************, *** **** do (*********, *******) *** things **** *** ******.

** ** ** *****, the ****** ***** ** be ***** ********** **** the ********... ***-******, **********, P2P ********* *** *** accessible ***** ****** *** be ********** ****. ****** update ******** *** ****** the ******** ******** ** course!

****** *** * ********** bad *************, *** *** particularly **** ** ******** and * (** *****) half ****** ********** ********* this.

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********. Cisco *** ***** ********* like ** ****-***** ********* in ***** ********

*. ***** *****, ***** often

*. ****** *** ****** correctly

*. ****** ******* ********

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 09/23/19 09:39am

********* *** ******* ****** 70 ***'* ** ******* update ** *** **** month *****. ***** *** not **** ** ***'* combined *** *****, *** and ****** ********.

********* ************* ***** ** CVE ***** ****** ** silly. *** ***** *** made * ******** ***** about******, *** ******* ***** 516:

** ** *****, *** bigger ***** **** **** comparisons ** **** ******* software ****** *** ****** are *** *****. ********* releases **** ****** ** magnitude **** ******** **** Dahua *** ** ***** far **** ******** **** Dahua.

** *** ********* ********** disagree ***** ******* ***** vulnerabilities ****** ** *** should ** *********** (*.*., integrator ** ************, ***.) but ***** ********** *** count *** '*******' ** judging ************* ** **********.

Undisclosed Integrator #3

In reply to John Honovich | 09/25/19 01:40pm

****,

*** '****** ** ***' for *** ********** ** sources ** ******* **** so * ********* *** of *** **** ****** posting... (***** **'* ***** me **** **** ** address **** *****)

** *** ** ***** - ****(***** ** *** ***** for ********* ***************)

*** **** ******* ** publicly ********** ****:*****://***.*****.***/****/*********/********.***

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** **** * years, **** *** *** results ** ************:

*********: **** = *, 2018 = *, **** = *

*****: **** = *, 2018 = *, **** = **

******: **** =**, **** = **, **** = 237

***** **** = **, 2018 = **, **** = ***

*********: **** = ***, 2018 = ***, **** = ***

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

** ********* ** ********* was ** *** ** in ******* *******. (** would ** *********** ** see ** ********* ***** security ****** ******** *** software ** **** ***** do * ****** ***!)

** ** *****. *** vulnerabilities *** ********* *** need ** ** *********. In *** ******** ********, we ***** * **** higher ******** ** ****** secure ******** - * did *** **** ** give *** ********** ** the ********!!!

********** ** ****** ** product, ***** ** ****** or ********** ** *** body ** ************, **, as *********** **********/*********/*********** **** place * ****** ***** on ********* ********* ** such * *** **** any ****** ************* ** mitigated ** *** *********** we ******* *** **.

* ***** ******* ** this *** *** ****** Underground ***** ******* **** outlets ******* **** *** populace ** *** ***** that *** ******* ********** can *** ********** ** the *** *******. **** cannot ** **** ** the **** ******* ******* were *** *** ********* and *** ** *** CCTV ******** *** ********** isolated **** **** ***** and ** *** ** anywhere **** ************** ******* providers (*** **** ******* owns *** **** *** railway ***** *** **, so ** **** **** connectivity ******* *** *****, they **** ** * fibre)

** ***** *****, **** IF ***** *** * vulnerability **** ******** *** CCTV ******'* *********, ** could *** *** **** gained ******* ****** *** could ** **** **** affected ** (******* ** use ** *** **** overly **** ****** ** mainstream ***** **********) '**** Doors'

bashis mcw

In reply to Undisclosed Integrator #3 | 09/25/19 01:50pm

**** * **** ** give *** ********...

*** *********** *** ***self ******* *** ********** ***** ********* will do their CVE's, no matter if the vulnerability has been found in-house or reported from externally.

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********. **** ***** explain **** *******.

John Honovich

IPVM | In reply to bashis mcw | 09/25/19 01:53pm

**** ************ ** *** file *** ***'* ** all, ********** ** ** notifications ** ******** ***** and *********

******, **** *****. *'* add **** **** * company ****** ****** *** cybersecurity *********** ** *** count, **** **** * massive ************ ** **** CVEs.

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 09/25/19 01:51pm

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

*** *** ******?

*** **** ***:

******: **** =**, **** = **, **** = 237

** ** ** **** own *********** ****** *** 237 ** *** **** 3 *****, *** *** you ******** *** *** 'very *******' ** *** "***** *** *** **** 70 ***'* ******** *** Dahua, *** *** ****** combined"??

*****, ** ** *****, ranking ** ********** ******* based ** *** ***** is ********** *** **** by **** *** *****, you *** *****. * just **** *** ** be **** ****** *** do ****** ****-********.

** ***** ** *********** to *** ** ********* wrote ******** ****** ******** and ******** ** **** could ** * ****** job!

** ***** ** *** should *** ******** ********* is ***** * '*****' or '******' *** **** Dahua ***** ** *** counts. ********* ******** **** or ***** *** ****** of **** ***** *** is ***** *** ** 100x, ***. *** ****** of ******** ** *****.

***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'* fairly ******* *** ****** across *********.

Undisclosed Integrator #3

In reply to John Honovich | 09/25/19 02:11pm

****** * ***** ****** from ******** ****... ** comments **** ***** ** 2019 ****. * ******** the **** ***** ***** to **** *******.

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 09/25/19 02:24pm

** ******** **** ***** on **** ****

**,**** ******** ******* ***:

** *** **** ** comparables, ********* *** ******* around ** ***'* ** Windows ****** ** *** last ***** *****. ***** are *** **** ** CVE's ******** *** *****, Hik *** ****** ********.

*****, *** ** *** keep ******** ** *** counts? ** *** ****** think *** *** ************ and ************ ******* ***** to ********* ***** ** CVE ******? **** *** of *** ****** ***** the ********* ***** ****** different ** ***** ** development *** ******** **** any ***** ** ***?

*** *** * *** essentially ********* *** ****** of ****** ***** ** an ******** ******* ** a ***.

Undisclosed #7

In reply to John Honovich | 09/25/19 05:16pm

"***** ********* ** ***** at ******** *********** **** Dahua *** ****** **** on *** ****** ** foolish ***** *** ***'*fairly ******* *** ****** ****** *********"

*** **** ***** ****** to *** *** **** comparison?

John Honovich

IPVM | In reply to Undisclosed #7 | 09/25/19 06:55pm

* ***'* **** **** single ****** ***** ** fair / ********. ****** with *****, **** **** to *****.

Undisclosed #7

In reply to John Honovich | 09/25/19 07:00pm

***** *** *** ****** is **** ******?

*** **** ***** **** lost ******* ** *** problem

*** ***** **** ******* of *** "*******" ************* problem

John Honovich

IPVM | In reply to Undisclosed #7 | 09/25/19 07:04pm

********* **** ********** $*** *******.

*** ****** ****** ***** surveillance ****** *** ****** or **** **** $** billion.

**'* * *** **** to ******* * ******* whose ******* ** * to ** *** **** of ** ****** ********.

Undisclosed #7

In reply to John Honovich | 09/25/19 07:24pm

*** ***** ***** *******

****** *** **** ***** has **** **** ******* of **** "******" **

John Honovich

IPVM | In reply to Undisclosed #7 | 09/25/19 07:27pm

****** *** **** ***** has **** **** ******* of **** "******" **

** ***** ** ****** at ************* **** *********?

** *** '*** ***** about *******', ****** **** to ** ******** ** revenue ** ********** ******** impact *** *** **** or ****.

Undisclosed #7

In reply to John Honovich | 09/25/19 07:31pm

*** *** *** ******* an ******* ** *** much ***** **** **** because ** *****

************* *******!

John Honovich

IPVM | In reply to Undisclosed #7 | 09/25/19 07:33pm

*****'* ********* *** ***** example ** *** ******** to **** ***** * lot ** ****** **** cleary **** ** ***** -***** ********* **** ******

Undisclosed #4

IPVMU Certified | In reply to Undisclosed Integrator #3 | 09/25/19 02:05pm

** ********* ** "********* has ******* ****** ** CVE's ** ******* ****** in *** **** ***** alone. ***** *** *** even ** ***'* ******** for *****, *** *** Huawei ********." ** **** correct.

****** **** ********* ** primarily * ******** *******, and *** ****** *** primarily ******** *********.

*** ******* ** ********* software ** *******:********** **** multiple ********* *******, ******** browsers, ** ****** ************, to ***, ** ******, to ********* *****, ** remote ****** *** ** on...

***** ******** ** *****, embedded ********, *****, **, ?

*** **** **** ***** of **** **** ********* produce **** *+*+* ?

****** **** ** ** your ********

*+*+* ** % ** Microsoft = **** = 12.6%, **** = **.*%, 2017 = **%

Avatar

Brian Hampton

IPVMU Certified | In reply to Undisclosed Integrator #3 | 09/25/19 07:27am

** ** *** **** dealer *** *****, **** is *** ***** **** I've ***** ** ***** vulnerabilities. ***** *** * history ** **** ************* and *'* ******* ***** of **. **** ******** with *** ****** ** ignore **** *************** **** attitude ** "**'* ** big ****" ** ***. Their ********* **** ********** lead ** ***** ********. Shame ** **** **** a ***** *******, *** just ***'* ****** *** the ******** ****.

John Honovich

IPVM | In reply to Brian Hampton | 09/25/19 08:49am

*****, ** **** ***** Dahua * *** ***** and * **** **** are ********. ** ** possible **** ***** *** models *** *** ******** though ** ** **** to **** ***** *****'* various ******** *** ***** naming ***********. ****** ***, Dahua *** ****** ******* inform ***** ********. ** we *** *** ********, we **** ****** ****.

Undisclosed #4

IPVMU Certified | 09/23/19 09:43am

**** *** ** *** of *** ******, ***’* a ***** *! *** needs * **** *********** partner:

****** **** ******* ** in *****, ** ** is ********** * ******, and *** **** ***** to **** *** ********* on * ****...

*** ***, ******* *** outward *******, ** ***** quite ********** :)

bashis mcw

09/23/19 03:25pm

*********** *****, *******,

[*] *****'* **** ** my "***-*********-*, *****: ****-**-** 09:30:50, *******: *.***.*******.**.*" ** it *** ****** *** not *****.

[*] ***** *** ** be ******* ** ***** device ******.

* **** *** **** [4] & [*] ** bit ***********, ** **** reporting ****** ********... (**, they **** ** ***, but * ***** ***** is ******* ********** */ obfuscated ******* *** **** about **)

********, * ******* ***** that *** ***** *****/********* should ** ********!

[*], [*] *** [*] is ****** ****, ******* new.

[*] ** ********, ** I ****'* ***** **** on **, *** ***** interesting.

bashis mcw

12/08/19 04:41pm

***** **** *** '*****-**' has **** '******-****', ** *** * miss *********?

Undisclosed Integrator #8

In reply to bashis mcw | 12/09/19 08:46am

****** **** *** ****** Nussko ***'* *** ******** about *** ******** ******* on ***** ******** ********. Dennis ******** *****'* **** a ******** *******.

*** ****** ************ **** expire **** *********.

*** **** ***** * 404 **** ***** ****, but ***** ***-*** ** response ** ****** ***** to ***** *** ***********. If **** ****** ***** hosting *******, *'* *** sure *** *** ****** would ******* **** ***, unless *** ******* ******* is ****** ** ******** things ** *** ********** in **** *** ******* is ********.

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

Thomas Vogt

In reply to Undisclosed Integrator #8 | 01/27/20 07:22am

**'* **** ******** **** was * *********** *******, they ***** ** *** a *** ***** ** months, *** **** ******* it ******'* ****.

*** *** ***** ;) - ** *** *** wrong **** ** ***** our *** ********.

John Honovich

IPVM | In reply to bashis mcw | 12/09/19 08:57am

* ******* *** ******* at *** ***** ** clarify. *** ***** ** that ****** **** *** not ******, ***. ** or **** **** *******, I'll ****** ***********.

Read this IPVM report for free.

This article is part of IPVM's 6,653 reports, 896 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports