Quick question - back in 2018 I purchased a few Dahua cameras from Empire Andy based on this forum's help. I noticed one of the cameras falls into this latest security bulletin. When I click into the camera and go to update the firmware via a manual check it says it has the latest firmware (dated 2018). On the Dahua website there is a ton of additional firmware files relevant to this series of camera - SD1A1. Should I download something from the Dahua site, or just let it go because maybe these are gray market with different firmware?
Quick question - back in 2018 I purchased a few Dahua cameras from Empire Andy based on this forum's help. I noticed one of the cameras falls into this latest security bulletin. When I click into the camera and go to update the firmware via a manual check it says it has the latest firmware (dated 2018). On the Dahua website there is a ton of additional firmware files relevant to this series of camera - SD1A1. Should I download something from the Dahua site, or just let it go because maybe these are gray market with different firmware?
Thanks - I don't port forward if that is what you mean. I use Blue Iris to view the cameras. UPnP is off. I don't see a P2P option. Anything else I should look at?
Yes all devices 10.x.x.x scheme and cameras go through the my PoE switch which is plugged into my Mikrotik router. I can look at those settings (its like a foreign language) to see if I can do some sort of prevention from accessing the internet.
Unpatched Dahua cameras are prone to two authentication bypass vulnerabilities, and a proof of concept exploit that came out today makes the case of upgrading pressing.
Quick question - back in 2018 I purchased a few Dahua cameras from Empire Andy based on this forum's help. I noticed one of the cameras falls into this latest security bulletin. When I click into the camera and go to update the firmware via a manual check it says it has the latest firmware (dated 2018). On the Dahua website there is a ton of additional firmware files relevant to this series of camera - SD1A1. Should I download something from the Dahua site, or just let it go because maybe these are gray market with different firmware?
Yes, IPVM report this after dahua release. Dahua also has 3rd party lab now to test their product cyber security.
Most firmware i already posted on the forum EmpireTech Andy
Thanks all - I have UPnP off, Port Forwarding off and I don't use a VPN but as mentioned I use Blue Iris. I'll update the firmware from Andy as listed above too just to be safe.
Thanks all - I have UPnP off, Port Forwarding off and I don't use a VPN but as mentioned I use Blue Iris. I'll update the firmware from Andy as listed above too just to be safe.
When you say you use BI --- you mean when you are at home on your LAN-- right? If you are viewing it away from home, then you have your network open and vulnerable to the outside. You need some kind of VPN for encrypted access to your LAN when you are away from home.
When you say you use BI --- you mean when you are at home on your LAN-- right? If you are viewing it away from home, then you have your network open and vulnerable to the outside. You need some kind of VPN for encrypted access to your LAN when you are away from home.
I am using BI remotely via their encryption at or at least I assumed (maybe incorrectly) that there was some level of encryption/security on the end of BI. I do have a VPN that I use for other tasks, I guess I could not let BI speak to the outside world and just turn on my VPN then open the BI app.
