Dahua security vulnerability

ludshed

If there’s a better section for this, mods feel free to relocate.
Just received an email from Dahua about a new exploit. Don’t think it will affect most here as it’s a vulnerability with DSS Pro and Express, but figured I’d pass it along.
 


alastairstevenson

A tranche of 12 vulnerabilities listed in this Dahua advisory, following reporting by Bashis, now working for IPVM:
 

funtoosko

Hi,

New to this forum,

I own a Dahua DHI-NVR5216-16P-4KS2E [V4.001.0000006.0, Build Date: 2021-02-08] and recently noted a long beep from the system. I had never heard such a beep before, so I looked at the system log and noticed 5 failed login attempts. After a few minutes I heard the same long beep again, and this time I was looking at the monitor console (connected to the console port of the NVR) and noted someone was attempting to log in; I could see characters being entered in the password text field of the login dialog box.


Seems someone was connected to the system and was attempting to break in but failed due to the strong password set on the device. This sounds to me like a potential vulnerability with the system, and an adversary was able to exploit it and gain access to the system and was attempting to log in?

The log doesn't show which IP the attempts were made from; it just says "IP Address: Local".

It is crazy, how could someone connect through to the NVR console remotely? The NVR is connected to the router, which has a private WAN IP issued by the ISP and is not directly exposed to the internet, as the IP is not routable/reachable from the internet.

Has anyone ever encountered such a situation?
 

wittaj

For those following along, he created a thread as well

 