Has this been mentioned already?
Summary:
1. The specific fields of the CGI interface of some Dahua products are not strictly verified; an attacker can cause a buffer overflow by constructing malicious packets.
2. Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device to crash by constructing malicious packets.
3. Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in.
4. Some Dahua products have information leakage issues. Attackers can obtain the IP address and device model information of the device by constructing malicious data packets.
5. Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means.

https://www.dahuasecurity.com/support/cybersecurity/details/637
Jim