Researchers found a significant flaw in Dahua IP cameras that an attacker could use to take control of a target device. After the vulnerability was reported, the vendor patched the issue and advised users to update their devices as quickly as possible.
Dahua IP Cameras Security Vulnerability
In a recent advisory, Nozomi Networks Labs stated that its researchers had discovered a significant security flaw in several Dahua IP cameras.
Dahua is a Chinese technology firm that sells video surveillance products. It is a well-known company with a presence in many countries, including the USA. Its products include network recorders, network cameras, intercoms, fire alarms, IVS, drones, and other security products.
The problem affected IP cameras that use the Open Network Video Interface Forum (ONVIF) standard. The researchers discovered the vulnerability while examining the IPC-HDBW2231E-S-S2 camera to determine the specifics of device fingerprinting. During this testing they found a way to forge a CreateUsers request that adds an unauthorized admin account. The device accepted the request, which revealed the vulnerability in the WS-UsernameToken authentication process.
Testing the newly created account demonstrated that a malicious attacker could take complete control of the target device by following the same steps. "Sniffing one unprotected ONVIF request authenticated with the WS-Username Token schema" would be all that was necessary. Because this token is present by default and most Dahua devices disclose unencrypted HTTP data, exploiting the flaw would have been simple.
Dahua Patched The Bug
The researchers notified Dahua of the vulnerability when they found it, and Dahua subsequently fixed the problem. According to Dahua's advisory, the vulnerability, CVE-2022-30563, has a CVSS base score of 6.8. The advisory describes it as follows:
"An attacker can log into the device by recreating the user's login packet when he successfully logs in through ONVIF using a man-in-the-middle attack to sniff the request packets."
The vendor also patched three additional, comparatively less serious vulnerabilities in the devices.
The following device models are listed as affected in the US CISA's advisory for these vulnerabilities.
- Dahua IPC-HDBW2XXX: Versions prior to v2.820.0000000.48.R.220614
- Dahua IPC-HX2XXX: Versions prior to v2.820.0000000.48.R.220614
- Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620
Now that patched versions have been released, CISA advises users to upgrade their devices as soon as possible in order to stay safe.