Four "High" Dahua Vulnerabilities, "Not Responded", Says CISA; CISA Removes, Dahua Responds

By Charles Rollet, Published Jul 15, 2022, 08:16am EDT

The US government's Cybersecurity & Infrastructure Security Agency, CISA, has disclosed four new "High" level vulnerabilities for the Dahua ASI7213X-T1 fever tablet / facial recognition access controller plus one "Medium" vulnerability.


CISA said Dahua "has not responded to requests to work with CISA to mitigate" these serious vulnerabilities. Two weeks before CISA's announcement, Dahua disclosed separate "Medium" and "Low" vulnerabilities for the ASI7 series.

These vulnerabilities are distinct from, and add to, those disclosed this January (Dahua Broken Access Control Vulnerability) and 10 months ago (Dahua New Critical Vulnerabilities 2021).

In this post, IPVM examines this incident and how it highlights Dahua's history of poor cybersecurity.

Update: Dahua responded to IPVM, calling it a "miscommunication" and saying they are in the "process of correcting the CISA advisory."

Update: CISA removed the section about Dahua not responding.

CISA ********* "****" ***** ***************

** **** **, ************** ******** *********** ****** ** ***** vulnerabilities **** "***** ***** ************ ******, upload ********* *****, *** ***** * denial-of-service *********" *** ******** ********-** ****** *********** **********:


*** **** *************** ***** **** *.* to *.* **** (****** ************* ******* ******) ******, **** **** "****" *** one "******"*****:


  • ***-****-****, **** ***** *.* (****), *** most ******* ** *** ****: * '**** *** ****' **** **** ****** ******* ** "access *** ****** ******* ******* * password".
  • ***-****-****, **** ***** *.* (****). *** product ***** ***** "**** ** ******* username ** *******" ***** "***** ***** an ******** ** **** ***** ******** values" *** **************-***** *******.
  • ***-****-****, **** ***** *.* (****). *** device ** "********** ** ********* ************** attempts, **** ** ******** ******** ** credential ******** *******".
  • ***-****-****, **** ***** *.* (****). * feature **** ****** ***** ** ****** potentially ********* ***** "**** ****** ** in *******".
  • ***-****-****, **** ***** *.* (******). ** input ********** **** ** *** ******'* web ****** "***** *** ***** * denial-of-service ********* ** *** ******."

**** **** **** "** ***** ****** exploits ************ ****** ***** ***************."

Based ** ****** ******** ********

**** **** *** *************** **** ******** by****** ********, * **********-***** *** ************* ****. In ******* ****, ****** **** ** had ************ ******** ********** *** ***** ********-** ********, ******** it *** *** ******* *** *************** publicly.

*** ************** *************, ********* *** *** ******* to *****, *** ********* "******** ** obscurity" ** "******** *********** ** ********** firmware, **** *** **** ** ******** any **** ** ******** ***** **** a **** ***** *** ***********".

Dahua ********* **** "******" & "***" ***************

** **** **, *** ***** ****** CISA's ************, ************** * ******** ********"** ******** ** *** ******** ****** reported ** ****** ********". *****'* ******** said ** *** ******** ***** ****** and *** ***-***** ***************:

  • ***-****-*****, **** ***** *.* (******). "**** an ******** **** * ***-**-***-****** ****** to ***** *** ******* ******* **** success ******* ** ******* *****, ** can *** ** ** *** ****** by ********* *** ****'* ***** ******."
  • ***-****-*****, **** ***** *.* (******). "**** an ******** **** * ***-**-***-****** ****** to ***** *** ******* ******* **** success ******* **, *** ******** ***** log ** ** *** ****** ** replaying *** ****'* ***** ******."
  • ***-****-*****, **** ***** *.* (******). "**** an ******** ********* *** ************** ******* and ********, ** ******* * ***-**-***-****** attack, *** ******** ***** **** * specified ******* ****** ** *** ********** interface **** **** *** ****** ** crash."
  • ***-****-*****, **** ***** *.* (***). "** the **** ******* *** ***** ******** on *** ******, ** ******** *** modify *** ****’* ******* **** ****** through * ***-**-***-****** ****** *** ******** to * ********* ****."

***** **** *** *************** ******** *** "ASI7XXXX" ****** *** **** *** ***-***** and ***-**** ****** ****** (***** **** unmentioned ** ****):


***** ************ ******** *********/** ********** ********* ******* ** *******.

CISA: ***** "*** ********* ** ********" ** ******** ***************

****'* **************** ***** "*** *** ********* ** requests ** **** **** **** ** mitigate ***** ***************", ******** *** ******* *** *** *********** "** ************ ****" ** ** national ********:


**** **** *** ***** **** *** companies *** ***** ************ ** ************* mitigation *******. **** ***** **** * handful **** *********:******(***),***** **********(***),***** ******(******),********(*****), *** *** *****.

**** ** *** ***** **** **** calls *** ***** *** *** **********, e.g. ********'* **** **** ****, ******* *** ***********.

Dahua's **** ************* ******

***** ********* *** *********** ************* ***************. For *******, ** ****** ***:

********, ** **** ******** ***** *** problems ********** ** *** ***************. *** example, **** *** **** ****, ***** ignored *** ***********' ****** ** ***** vulnerabilities:


***:


**** ** ******** ***** * ****, IPVM ******** ****** ** ******* ********* a ******** **** *****:


Dahua ********

***** *** *** ******* ** ****'* request *** *******. ** ** **** Dahua ****, ** **** ****** *** report.

UPDATE: ***** ********

***** *** **** *** ********* ********, posted ***** ** ****:

** *** ******** **** **** ********* this ******* ******* ********* * ******** from ** *****. *** ******** *** sent ** ** *** **** ***** was ********** ************ *** ******. ** you **** **** ****, *** *** company ** ******* ********, ************* ********* on ********* ******** ******* ** **** coordinate **** *********** ****** ******** **** zones – *** **** ****** *** company, *** ** *********** ******** ****** that ** *** ******* ** *** schedule. * **-**** ******** ** *** middle ** *** ***** ** *** US *** ******** ** ***** ** impossible *** ** ** *** ********* situated ******** ** *********** *** ** believe **** ***** ****. ******, ** suspect **** **** ** *** ****** point **** ****’* ***********.

** * ****** ** **** ******** approach, **** *** ******* *********** *** readers. **** *** *** *****: **’** investigated *** *********** **** *** **** in **** ******** *******. ****** ****, an *********** ************* ************, ******** **** there *** * **************** ******* ***** analyst *** ***** *********** ** ****. They **** ************ ************* ** *****, and *** ******* ** **** ** in *** ******* ** ********** *** CISA ******** ** ******* *** **** that ***** ********* *** **** ** vulnerabilities **** ****** ******, *** *** issued ******* *** ***** ***************.

Comments (4)

***** *** *********:

** *** ******** **** **** ********* this ******* ******* ********* * ******** from ** *****. *** ******** *** sent ** ** *** **** ***** was ********** ************ *** ******. ** you **** **** ****, *** *** company ** ******* ********, ************* ********* on ********* ******** ******* ** **** coordinate **** *********** ****** ******** **** zones – *** **** ****** *** company, *** ** *********** ******** ****** that ** *** ******* ** *** schedule. * **-**** ******** ** *** middle ** *** ***** ** *** US *** ******** ** ***** ** impossible *** ** ** *** ********* situated ******** ** *********** *** ** believe **** ***** ****. ******, ** suspect **** **** ** *** ****** point **** ****’* ***********.

** * ****** ** **** ******** approach, **** *** ******* *********** *** readers. **** *** *** *****: **’** investigated *** *********** **** *** **** in **** ******** *******. ****** ****, an *********** ************* ************, ******** **** there *** * **************** ******* ***** analyst *** ***** *********** ** ****. They **** ************ ************* ** *****, and *** ******* ** **** ** in *** ******* ** ********** *** CISA ******** ** ******* *** **** that ***** ********* *** **** ** vulnerabilities **** ****** ******, *** *** issued ******* *** ***** ***************.

** ****** *** ** ****** **** article ***********.

** **** **** **** ** *** about **** *********** ******** – ***** is ****** ******** – ** *** coming ****.

********** ***** ********* ** **: ** gave **** ** ***** ** ** issue **** *** ** ********** ********* 2 **** ****** ****. ***** *** well ***** ** **** ***** *** what *** ** ********** ********* ******* in *** ****.

** ******* *** ***********@*********.***, ***** ** * **** ***** that ** *********** ** ******* ***** employees *** ***** ** ** ***** American ***** ***** ****.

** ****** ******* **** ***** ** angry ** ** ******* ** ***** own ********* ************* ****** *** ****** working **** *** ** **********.


*********** **** **Nozomi * **** ***, ********** ********* *** **** ******* ** ******* *** **. *****, *** ************* ******** ***** ** ** **'* **** ***** ***** ****, ***** **** ** "***********" ****** *** ** ***** ***** **** *** ***** *** ** ********** *** ******* **** ********/********** (****** *** ********** ***/** ********* ******* *** ** **** ** ******)

Nevertheless, **** *** *** **** ****** *** ******** *** ****** ******* *** ***********.

*********

"******** ** *********" ** "******** *********** or ********** ********, **** *** **** of ******** *** **** ** ******** other **** * **** ***** *** interaction".

* ******* *****, ******** ** ********** security, "****" *** (** *******) ********** time ********* ********* ** **** ***** the **** ******** *** *****.

******* ********, * **** **** ***** how **** ********* **********/********** *** *** generation ******* * **** ***** **** Dahua ********* *****, ***** ** ** that ******* **** ******** ** ***** are **** ** ********* *** **** use ** **********/*** **********.


** **** **** **** ** ** speak, *** **** ********** ******* ***** cyber ** ***** ******* ** ***** to ****.... ***


******: **** *** ******* *** **** about *** ***** ***"*** ********* ** ******** ** **** with [**] ** ******** ***** ***************", see ****:***** ********-** (****** *).

*** ******* ********** ****:


*** ** ***** ** ****** ******* to*****'* ******** ********:


**** *** ******* *** ** ***** & ****, ** **** ****** **** response.
