Dahua Says Latest Firmware Check Does Not Work With Out-of-Date Firmware

By Ethan Ace, Published Sep 14, 2021, 08:26am EDT (Info+)

The tool that Dahua claims will alert users if Dahua's firmware is out-of-date does not work if the firmware is actually out-of-date, per a declaration that Dahua provided to IPVM after we reported on Dahua's newest critical vulnerabilities and the fact that their firmware checker did not work on out-of-date firmware we tested.

IPVM Image

Inside this note, we share Dahua's explanation, our test findings, and why this increases risks for Dahua users already beset by vulnerability after vulnerability.

Feature *******

** ******** ******** *************** ******, ** ********* **** ***** **** Dahua ******* ******* ** "****** *******" which ****** *** *** ********, ** have ***** **** **** ******* ***** fails, *.*., ** *** ******* **** firmware ***** "****** *******" **** ***** the ****** *******, ******* **** ******** being *********.

IPVM Image

**** ***** (** *** *****) ** simply *****. ** ** ******* *** the ****** *******. **** ********** ********* would ********* **** ** * *** and *********** *** **. *** *****.

"Consistently ******** **** ***** ******** ********"

***** ***** **** ** ** *********** user ***** *** **** ** ** because ** **** *** "**** ************ applying **** ***** ******** ********":

IPVM Image

Questions **********

***** *** *** ******* ** *** follow-up *********:

********: **** ****** ******* ***** *********** ("It ** *** ****** *******") **** the **** ** *** "************ ******** past ***** ******** ********'? *** ***** it *** **** *** **** *** firmware ** *** ** ****?

*******'* ** ** ****** ** **** case *** *** ******** ***** ** know **** **** ******** ** *** of **** *** ********* **** *** user ** ** *** *** ****** version?

* ********** ***** ** ***** ****** a ******* ******** *** *** ********* to ******:

** **** ** ****** ******* ** this ******* *** ******** **** ***** firmware ******* **** *** **** ** older ******** ******** ***** ** *****. As *** ***** ** ******** *****, Dahua ******** *** ***** **** *** from **** *** ******** **** "** is *** ****** *******."

Comparison ** ***** ******** ********

******* ***** ************* ***** ****** ******** checks ******* ** *****, **** ***** results ** *** *******. *********'* *** Uniview's ****** ****** ****** *********, ********* the ****** ******* **** **** ******** was ***** ***-**-**** **** ******. ** contrast ** ***** ****** ******, ***** has ******* ****** ****** ** ***** IP ******* *** *****, ***** *** consistently ********* ******** ******** ******* **** when **** **** ************* ***-**-**** ********.

Dahua ***** ******

***** *****'* ******* ******** *************** *** clearly *** ******* ***** **** *** company *****, *** **** **** ** would ****** ***** ***** **** *** its ******** ****** ******** ****** ******* reinforces *** ****** ** ***** *****.

** **** ***** ***** **** *** will ****** **** ****** ** ** when ***** **** ** **.

Comments (5)

Undisclosed Integrator #1

09/14/21 03:25pm

*** ********* ******** ********?

IPVM Image

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed #2

IPVMU Certified | 09/14/21 03:38pm

***** ****’** ****** **** **’* ***** in *** *** ******** **** *** wouldn’t **** ******?

Agree: 1
Disagree
Informative
Unhelpful
Funny

Undisclosed Integrator #4

In reply to Undisclosed #2 | 09/14/21 03:51pm

****, *'* ******* **** ****** *) version *.*** *** * ****** ****** checker **** *** ***** ** * later *******, ** *) *****'* ****** server ************** *** ******** ** **** point, ***** ***** *** ****** ******* in ***** ********. *****'* *** **** that ***** ** **** ***** **** a, ***** **** ********* ****** ** the ******* *** ******** **** ** update ********. *** **** *, ***'* really **** **** ** ******** ********* compatibility ** ***** ********** **** ****.

Agree: 3
Disagree
Informative: 1
Unhelpful
Funny

Undisclosed Integrator #3

09/14/21 03:48pm

**** ********** ** ***** *** ******** tech ******* ** *** *******. ***** should **** ****** ************ *** *******, explained **** ***** ******** *** ** issue **** ***** **** ** ****** the ******* ******** ****** ******** ******* had **** **** ******** ** ********, sent ** ****** *** **** ***** restore *** ****** ** ****** ********* and ***** *** ****** ****** ******* to **** ** ** ****** ***** forward. ******* ******.

*** ****** ******* ** ****: *****, it *** **** *** ********** **** all ******** ********, *********, *** ********, that ** * ******* ******** ******** update ******** ********* ******* *** ******* version, **** ********* *** ******** ** with *** **** ****** ******* ******** or *************. ******* ******. ** ******** uses ** ******** * ****** ** incremental ******* ** ***** ** **** properly, **** ** *** ** ********* detect *** **** *********** ****/******* ***** to ******* **** *** **** *********** update. ** ** ****** ** ****, then ** *** ****** **** *********** and ******* * **** ******** *********** as ** ****** ** ****** **** happened ** *** **** **** **** not ******. ** ** *** ****** incremental ******* *** *** * **** practice, **** ** **** ******* **** time ** ******** *** *********. ***** incremental ******* ***** ******** ******** ** be ******* ** * ****** *******, historically ** ** *** ******* *** new ******* ** ********* ********* ********/****** that *** *** ***** ******.

***** *** ******* ******** ** * product ** ** ********* ** **** it ** ******** ** **, * good ****** *** *********** ***** ** to *** *** **** *** *** versions ** ****** ********* *** ****** operation, ***** ** ******* ** *** to * ******** **** ***** ******* are ********* ******* ******* ********. ** an ****** **** ****** *** ******, it *** ** ********** ****** *** customers ** *** **** ****, ******** a ******* *********. ** *** ****** is ******** *******, **** ************ ****** be **** ** **********/******* ** *** user ** ******** ** ** ********* that *** ****** ** *******, ** they *** ****** *** **** ******** individually *** **** ****** ** **************.

****** **** ** **** ** **** for ******** *******, **** ** ******** and ********* ** *** ***** ********* updating ** **** *****, *** ******* firmware ** ******* ************ ***** ******** a **** ****** ******* ** *********** approach. *** * ****** ** ** automatic ******* ******** ** ** ‘***** in’ **** * ****** ********* ** download *** ****** ********. **** *** it’s *** ******** ***** ** ****** update ******* *** ** ******* ******** updates ** ** ********** **** *** wrong ******, *** ******* ** ******, download ******* ** ***** ******* ********. This ****** *** **** **** ** the **** ** ************ ***** ******** to *********** *** **** **** ********.

*** ‘***** **’ ******* ** **** one ** *** **** ******* ******* have ***** ** ** *** ***** in *** **** *** *****. ** enabling **, ******* *** ******* ** reach *** *** ***** ******* **** once ********* *** ** **** ** do ****** ***** **** ****** ********. For *******, ******* ****** ******, ******* status, *********** ***** ******* ** *******, and/or ******* ********** **** ** *******. It ***** * **** **** ***** be ********* ***** ** *** *********** managing *** ****** **** *** **********. IT ***** * **** ** ******** network ** ***** **** ****** ****. Generally **** ******** **** *** ** detected ******* ******** ********** ******** ******* on ******* ********** *** *******. ********* and ***** ******** ********** ******* **** many **** ** ******* ******* ***** products, *** ******** ***** ***** ******* tend ** ******* ** ***** ***, and ***** ********* ***** **** *** ones ******** *** ***** ****** *******, are ********* ** ******.

** *** ****** *** ** ******** might **** ** ** ****** ***** auto ******* ** ** ******* ** embedded ******** ** **** ** *** allowing *** ***** ******** ** ** installed ** ***** **** ** **** networks. ******* ***** ******* ****** *** entirely ** ***** *** *******, **** their *** ******** ******** ******* ** portal, **** ** *** ** ********* thing ** **, *** ******** ***** isolation ** *********** ***** ********.

************* ******* ******* **** ***** *********. They **** ** **** ** ******* and ************* **** **** ** ****** proper ********* *** ******* ******** ** all *********. ** **** **** ***’* of ************* ******** **** **** ***** and ** ***** ***** ** *** one **** *** *** ** **** time *** ****** **** ***** ******** or ********. ** *******.

*** **** ** ***** *** *** the **** *** **** ****** **** open *** ********** **** ******, *** quick ** ******* ****. **** ****** us ** ** *** **** *** our *******.

** * ************ ** *** ***** honest, ** ****** ******* ******* ** acknowledging ******** *** ********* *********, ** have ** **** ***** ****. ********* it *** **** ********* ***/** **** inconvenient ** **, *** ** **** it ** *** ***** ***** ** do *** *** ******* *** *** peace ** ****.

*** ****** **** *** ****** **** else *** **** *** ***** ****** about?

Agree: 4
Disagree
Informative: 1
Unhelpful
Funny

Robert Shih

Independent
09/17/21 04:50pm

***! **'* **** ****** ***** *** one *** ** ******** ***** ******. Nothing *** ** *** ****.

****: * ******* **** **** **** kicking *** *** ** ** *** will ******** **** *** ******** *******. They **** ****** *** ******** ***** location **** **** **** ** ** one ************ ****** *** **** ** to *** ****. ****'* *** ******** beyond * *** ******. **** ***** to * ****** ********** ******** ******* location. **** *** ****** ****** ** them ****** "**'** **** **** ** it **** ****, ** *******". ** far, ** *** ******* **** **** issued **** *** ** ******** *** upgraded ** ***** ******** ** *** new ********.

**'* **** ** *** ****.

*** **** ********* ** **** ****-******* feature ** **** *********** ***** ******** firmware ************ ****** ***** ** ********* only ******** **** ******* ** **** who *** ***** ********* ********. *** upgrade ******* ***** **** ** ** stripped *** ** ******** ** ***** logo **** ***** "*******" ******** ***** for **** ** **** ***** ** they ******** **** ** ******* ***** OEMs ** *** ******* ******* **** firmware ***** *******.

Agree: 1
Disagree
Informative
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports