Vulnerability ********
*****'* *** ********* ** vulnerable ** ***** ****** overflow, ********* ** ****, sponsored ** *** ** DHS. ************, *** ***** field *** *** ***** password, ** *** **** first **** *** *** when ********** ** *** camera, **** *** ******** input **** ******. **** can ** **** ** an ******** ** ****** excessively **** **** ** the ******** *****, *** trigger * ****** ******** in *** ****** **** that ********* *** *****.
****** ********* *** ** exploited ** ***** ** attacker ** ******* *** device, **** **** ******, or ********* ********** *** unit. ******* **** ************* exists ** *** ***** page ******, ** ************** is ******** ** ******* it, *** *** ****** with ****** ****** ** at **** ** *******.
*** ****** **** **** Dahua *** ******** ****** 2 ****** ***, ** the *** ** ***.
Models ********
***** ***** ** ****** that *** ******** *** that ***** *** ******** a ******** ***, *********:

*******, ** ** *** clear *** **** ***** models *** ********. *** example,***** **** **********, **** ****** *****, in ******* *******, **** North *******, **** ******* are ******* *** *** same *********** ********. ********, as *** ***** **** the ***** ********, ***** Dahua ****** **** ****** various *****, **** ***** models ***** ** ********.
No ********** / ** ******
***** *** **** ** official ********** *** ****** of **** **********, ***** is ******** ** ***** matters ** ** ******* below *** *****'* ***********.
**** *** ******* *** to ******** ******** ** Dahua *** *** ******** no **-***-****** ******** ***** this ****** *************
Fix **********
*** *** **** ************* report ******** * **** to ******** ** *****'* international **** **** ***** fix *** *************. *** that ****, *** **** of *****'* ************* ***** are ****, ********* *** errors:

******: ***** ** *****, the **** / ***** are *** ******. ******** firmware ** *** *** vulnerability **** [**** ** longer *********].
*****'* ***** ******* ******* is **********, *** *** no ********* ** **** vulnerability, *** **** ************* update ***** **** ***** 2017:

**** *** ******** ************* notices **** **********, ** it **** ****** ** models ******* ***** ***** far **** ****** ********.
Researcher **********
*** **** ******* ******* Ilya ***** [**** ** longer *********], ** ***** security ************ ************, *** **** ******** (no ****/*********** *****) **** the ********* ** *** vulnerability. ******** ************ ******* to ******* ********** ******* of *** *************.
Violates ******** *********
*** **********, **** ** how **** *** ********* have ******* ***************:
*********'* ******* ************** ***** ********** ***** most ****** *************, *** links ** ******** *******:

**** ******** ******* ** known ***************, *** ***** to ********, ** ************ ************:

**** ** ***** ******** to *****'* **** ** acknowledgement, **** ** ********, and ** *** **** of **** ***********, **** of **** ********** ********.
******
*** ******* ** **** Dahua ********* ** **** an ********* **** ***** record, **** **** ******* vulnerabilities *** **** ******* to ******** ****** *** inform ***** *********. ** that ***, ** ** not *** **** ********* Dahua **** *****, ** some *****, **** ** business ** ***** *** Dahua. *******, ** **** show *** ********* ** unwilling ***** ** ** acknowledge *************** **********, *** deliver ******** **** ********* can *****.
Vote / ****

******
****** **** ****: ***** USA *** ****** * press ******* [**** ** longer *********] ** *** website ************* *** *************, saying ** **** ******* 4 ** ***** ****** but **** * ******** upgrade ** *** *** available:

***** *** ******** ** dated **** *** **** and ****, **** *** not **** ** ***** website ***** *** ****. The ************* *** ****** publicly ** **** **** 18th *** *** **** report **** ***** *** notified ** *** **.
***** ** ***** ** document ** ****** ** the ***** ************* ******* press ******* ** ***** security *******.
Comments (34)
John Honovich
Dahua is the most obvious sign for industry people of the bubble that China is in.
This is a company that claims ~$2 billion in annual revenue, 10,000 or so employees but repeatedly fails to do even the basics right.
Dahua better hope the Chinese bubble economy keeps up because they simply lack the fundamental competency to compete without it.
Create New Topic
Undisclosed Integrator #1
I think the product quality is good and the security poor as is any consistent security response.
I think the poll needs to be - what do you think of Dahua security and response?
Create New Topic
Shannon Davis
Let's face it there are always going to be vulnerabilities found in IP cameras and IP devices. That is the nature of a computer which cameras are and too many people out there live to find these and cause irreparable harm. Ideally the vulnerabilities are discovered by the manufacturer or a white hat hacker who want to keep everything as safe as possible. The real question for the integrity of a manufacturer, and I don't care which one either, is how they handle the situation and how fast they handle the situation. Manufacturers need to face facts and admit when their is an issue and quickly and thoroughly take care of the issue. To me that is what separates mediocre want-to-be companies and really great companies, IP cameras or whatever IP device manufacturer. I think sometimes the reason some of these companies don't want to respond quickly and effectively is due to the fact they didn't discover the vulnerability themselves and don't want admit they didn't do more thorough testing and even then you will never find all vulnerabilities. Let's face we all make mistakes sometimes, it is how you own that mistake that makes you who you are.
Create New Topic
Undisclosed Manufacturer #2
My only surprise when I read this article is that this is claimed as being only the SECOND Dahua exploit, when it feels like the fifth or sixth in the last year and a half.
Create New Topic
John Honovich
Dahua's entire International site, including the firmware fix link, has been down at least 5 hours now.
The 404 code means the server is up but somehow it has been misconfigured or broken such that it cannot find / return any pages.
Eventually they will fix it but it is hard to comprehend how a publicly traded technology company could have such issues.
Create New Topic
Undisclosed #4
Longse is looking better and better everyday ;)
Create New Topic
Robert Shih
07/25/17 06:29pm
So after binwalking the firmwares in question, if this is Sonia related this may be very isolated to that specific chipset series. I'll see what else I can dig up in my off time.
Also, IF this is Sonia related as the bulletin asserts, this is not within the web interface (which is located in a different subsection of the firmware)...
Create New Topic
Undisclosed End User #6
With the reusing of code between Challenge and Sonia, I would not be surprised if the flaw exist in both. I guess the only way to find out if this is the case, is to dig into details how to exploit and do tests, or keep an eye on published FW updates and try to figure from there. Guessing also that the researchers will provide more accurate vulnerability list in the future than Dahua itself.
Create New Topic
Kenny Johnson
if a camera does not have its HTTP port forwarded or open then it is safe from this vulnerability. Right?
Also, this just affects cameras right? Not NVRs.
Create New Topic
Undisclosed Manufacturer #7
Note that having devices that have a known vulnerability on your network can still be an issue. If an attacker gains access from another source, then they can use this vulnerability to gain access to the video, make changes, etc.
Yes, it isn't as critical as when devices are directly remotely accessible, but you shouldn't just ignore it.
Create New Topic
Heikki Peltomäki
It's not uncommon at all to have security issues. But when you sit on two months old information and won't give a fair warning to your customers... Well that is just plain disrespecting. This just makes one wonder, what else has Dahua kept from its customers. After all, like said, this was their second 10 score vulnerability in a short period of time.
Even without a fix, just warning about the exploit might help customers make their systems more secure, at least giving them a chance.
Turning a blind eye on something unpleasant doesn't make it go away.
Not impressed.
Create New Topic
John Honovich
UPDATE: Dahua USA has issued a press release on its website acknowledging the vulnerability, saying it only impacts 4 of their models but that a firmware upgrade is not yet available:
While the document is dated both the 25th and 26th, this was not live on their website until the 26th.
There is still no document or notice on the Dahua International website press release or cyber security section.
Create New Topic
Undisclosed Integrator #9
OK, so if there was a "patched" firmware released... how many people would be able to send techs to all of their client locations to apply the new firmware???
Would you charge the customer?
This would take us weeks...
Create New Topic
Undisclosed End User #6
Sadly enough I cannot trust the official list of vulnerability series from Dahua, as I personally know for facts there was far more series vulnerability to the Dahua backdoor than Dahua officially reported.
Create New Topic