A remote attacker can exploit both vulnerabilities by sending specially crafted data packets to the vulnerable cameras.
“The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets,” reads the advisory published by the vendor in early September.
The flaw received a CVSS v3 score of 8.1, and the vendor recommended that its customers install security updates.
The list of affected models is very long; it includes IPC-X3XXX, HX5XXX, HUM7XX, VTO75X95X, VTO65XXX, VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, TPC-PT8X21B, NVR1XXX, NVR2XXX, NVR4XXX, NVR5XXX, NVR6XX.
Threat actors in the wild could quite easily find exposed Dahua devices using a search engine like Shodan and attempt to hack them using the available PoC code. To protect Dahua devices, users have to install the latest firmware version.
(SecurityAffairs – hacking, Dahua cameras)