Dahua Says Latest Firmware Check Does Not Work With Out-of-Date Firmware

By Ethan Ace, Published Sep 14, 2021, 08:26am EDT

The tool that Dahua claims will alert users if Dahua's firmware is out-of-date does not work if the firmware is actually out-of-date, per a declaration that Dahua provided to IPVM after we reported on Dahua's newest critical vulnerabilities and the fact that their firmware checker did not work on out-of-date firmware we tested.

IPVM Image

Inside this note, we share Dahua's explanation, our test findings, and why this increases risks for Dahua users already beset by vulnerability after vulnerability.

Feature *******

** ******** ******** *************** ******, ** ********* **** while **** ***** ******* include ** "****** *******" which ****** *** *** firmware, ** **** ***** that **** ******* ***** fails, *.*., ** *** running **** ******** ***** "latest *******" **** ***** the ****** *******, ******* 2021 ******** ***** *********.

IPVM Image

**** ***** (** *** above) ** ****** *****. It ** ******* *** the ****** *******. **** technology ********* ***** ********* this ** * *** and *********** *** **. Not *****.

"Consistently ******** **** ***** ******** ********"

***** ***** **** ** is *********** **** ***** and **** ** ** because ** **** *** "been ************ ******** **** Dahua ******** ********":

IPVM Image

Questions **********

***** *** *** ******* to *** ******-** *********:

********: **** ****** ******* false *********** ("** ** the ****** *******") **** the **** ** *** "consistently ******** **** ***** firmware ********'? *** ***** it *** **** *** user *** ******** ** out ** ****?

*******'* ** ** ****** in **** **** *** the ******** ***** ** know **** **** ******** is *** ** **** and ********* **** *** user ** ** *** the ****** *******?

* ********** ***** ** Dahua ****** * ******* question *** *** ********* to ******:

** **** ** ****** further ** **** ******* the ******** **** ***** firmware ******* **** *** work ** ***** ******** versions ***** ** *****. As *** ***** ** provided *****, ***** ******** the ***** **** *** from **** *** ******** that "** ** *** latest *******."

Comparison ** ***** ******** ********

******* ***** ************* ***** online ******** ****** ******* to *****, **** ***** results ** *** *******. Hikvision's *** *******'* ****** checks ****** *********, ********* the ****** ******* **** when ******** *** ***** out-of-date **** ******. ** contrast ** ***** ****** checks, ***** *** ******* online ****** ** ***** IP ******* *** *****, which *** ************ ********* reported ******** ******* **** when **** **** ************* out-of-date ********.

Dahua ***** ******

***** *****'* ******* ******** vulnerabilities *** ******* *** biggest ***** **** *** company *****, *** **** that ** ***** ****** blame ***** **** *** its ******** ****** ******** update ******* ********** *** danger ** ***** *****.

** **** ***** ***** this *** **** ****** this ****** ** ** when ***** **** ** so.

Comments (5)

Undisclosed Integrator #1

09/14/21 03:25pm

*** ********* ******** ********?

IPVM Image

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed #2

IPVMU Certified | 09/14/21 03:38pm

***** ****’** ****** **** it’s ***** ** *** new ******** **** *** wouldn’t **** ******?

Agree: 1
Disagree
Informative
Unhelpful
Funny

Undisclosed Integrator #4

In reply to Undisclosed #2 | 09/14/21 03:51pm

****, *'* ******* **** either *) ******* *.*** had * ****** ****** checker **** *** ***** in * ***** *******, or *) *****'* ****** server ************** *** ******** at **** *****, ***** broke *** ****** ******* in ***** ********. *****'* not **** **** ***** be **** ***** **** a, ***** **** ********* people ** *** ******* and ******** **** ** update ********. *** **** b, ***'* ****** **** them ** ******** ********* compatibility ** ***** ********** like ****.

Agree: 3
Disagree
Informative: 1
Unhelpful
Funny

Undisclosed Integrator #3

09/14/21 03:48pm

**** ********** ** ***** and ******** **** ******* of *** *******. ***** should **** ****** ************ the *******, ********* **** their ******** *** ** issue **** ***** **** to ****** *** ******* firmware ****** ******** ******* had **** **** ******** by ********, **** ** update *** **** ***** restore *** ****** ** normal ********* *** ***** the ****** ****** ******* to **** ** ** should ***** *******. ******* solved.

*** ****** ******* ** note: *****, ** *** been *** ********** **** all ******** ********, *********, and ********, **** ** a ******* ******** ******** update ******** ********* ******* the ******* *******, **** downloads *** ******** ** with *** **** ****** version ******** ** *************. Problem ******. ** ******** uses ** ******** * series ** *********** ******* in ***** ** **** properly, **** ** *** to ********* ****** *** last *********** ****/******* ***** to ******* **** *** next *********** ******. ** it ****** ** ****, then ** *** ****** from *********** *** ******* a **** ******** *********** as ** ****** ** assure **** ******** ** the **** **** **** not ******. ** ** one ****** *********** ******* are *** * **** practice, **** ** **** require **** **** ** download *** *********. ***** incremental ******* ***** ******** measures ** ** ******* in * ****** *******, historically ** ** *** unusual *** *** ******* to ********* ********* ********/****** that *** *** ***** before.

***** *** ******* ******** of * ******* ** to ********* ** **** it ** ******** ** do, * **** ****** for *********** ***** ** to *** *** **** the *** ******** ** assure ********* *** ****** operation, ***** ** ******* it *** ** * customer **** ***** ******* are ********* ******* ******* problems. ** ** ****** does ****** *** ******, it *** ** ********** across *** ********* ** the **** ****, ******** a ******* *********. ** the ****** ** ******** related, **** ************ ****** be **** ** **********/******* or *** **** ** indicate ** ** ********* that *** ****** ** applied, ** **** *** decide *** **** ******** individually *** **** ****** of **************.

****** **** ** **** is **** *** ******** reasons, **** ** ******** and ********* ** *** allow ********* ******** ** take *****, *** ******* firmware ** ******* ************ which ******** * **** update ******* ** *********** approach. *** * ****** to ** ********* ******* requires ** ** ‘***** in’ **** * ****** somewhere ** ******** *** newest ********. **** *** it’s *** ******** ***** as ****** ****** ******* can ** ******* ******** updates ** ** ********** from *** ***** ******, and ******* ** ******, download ******* ** ***** harmful ********. **** ****** has **** **** ** the **** ** ************ cause ******** ** *********** and **** **** ********.

*** ‘***** **’ ******* is **** *** ** the **** ******* ******* have ***** ** ** ban ***** ** *** last *** *****. ** enabling **, ******* *** allowed ** ***** *** and ***** ******* **** once ********* *** ** able ** ** ****** other **** ****** ********. For *******, ******* ****** status, ******* ******, *********** other ******* ** *******, and/or ******* ********** **** on *******. ** ***** a **** **** ***** be ********* ***** ** the *********** ******** *** server **** *** **********. IT ***** * **** to ******** ******* ** which **** ****** ****. Generally **** ******** **** not ** ******** ******* specific ********** ******** ******* on ******* ********** *** traffic. ********* *** ***** security ********** ******* **** many **** ** ******* Windows ***** ********, *** embedded ***** ***** ******* tend ** ******* ** their ***, *** ***** behaviors ***** **** *** ones ******** *** ***** actual *******, *** ********* to ******.

** *** ****** *** IT ******** ***** **** to ** ****** ***** auto ******* ** ** enabled ** ******** ******** as **** ** *** allowing *** ***** ******** to ** ********* ** their **** ** **** networks. ******* ***** ******* should *** ******** ** their *** *******, **** their *** ******** ******** service ** ******, **** is *** ** ********* thing ** **, *** provides ***** ********* ** potentially ***** ********.

************* ******* ******* **** their *********. **** **** to **** ** ******* and ************* **** **** to ****** ****** ********* and ******* ******** ** all *********. ** **** used ***’* ** ************* products **** **** ***** and ** ***** ***** is *** *** **** has *** ** **** time *** ****** **** their ******** ** ********. It *******.

*** **** ** ***** use *** *** **** who **** ****** **** open *** ********** **** issues, *** ***** ** resolve ****. **** ****** us ** ** *** same *** *** *******.

** * ************ ** not ***** ******, ** making ******* ******* ** acknowledging ******** *** ********* solutions, ** **** ** stop ***** ****. ********* it *** **** ********* and/or **** ************ ** do, *** ** **** it ** *** ***** thing ** ** *** our ******* *** *** peace ** ****.

*** ****** **** *** wonder **** **** *** they *** ***** ****** about?

Agree: 4
Disagree
Informative: 1
Unhelpful
Funny

Robert Shih

Independent
09/17/21 04:50pm

***! **'* **** ****** since *** *** *** is ******** ***** ******. Nothing *** ** *** here.

****: * ******* **** they **** ******* *** can ** ** *** will ******** **** *** database *******. **** **** moving *** ******** ***** location **** **** **** up ** *** ************ method *** **** ** to *** ****. ****'* why ******** ****** * are ******. **** ***** to * ****** ********** firmware ******* ********. **** new ****** ****** ** them ****** "**'** **** care ** ** **** time, ** *******". ** far, ** *** ******* have **** ****** **** can ** ******** *** upgraded ** ***** ******** to *** *** ********.

**'* **** ** *** same.

*** **** ********* ** this ****-******* ******* ** fact *********** ***** ******** firmware ************ ****** ***** is ********* **** ******** upon ******* ** **** who *** ***** ********* firmware. *** ******* ******* would **** ** ** stripped *** ** ******** to ***** **** **** their "*******" ******** ***** for **** ** **** sense ** **** ******** have ** ******* ***** OEMs ** *** ******* footsie **** ******** ***** forward.

Agree: 1
Disagree
Informative
Unhelpful
Funny
Read this IPVM report for free.

This article is part of IPVM's 7,208 reports and 960 tests and is only available to subscribers. To get a one-time preview of our work, enter your work email to access the full article.

Already a subscriber? Login here | Join now
Loading Related Reports