Urgent! Apache Log4j2 Vulnerability issue on Dahua DSS

EMPIRETECANDY

Hey guys

Got a report from Dahua that their DSS has a vulnerability issue. Please follow the guide to finish the update ASAP if you are using DSS Pro or DSS Express.


Security Notice – Information on Apache Log4j2 Remote Code Execution Vulnerability CVE-2021-44228



Summary

Dahua has provided notice along with the disclosure of technical details and PoC for critical vulnerability of Apache Log4j2, CVE-2021-44228 recently, with Base CVSS Score: 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). As has been widely reported, this vulnerability impacts millions of servers around the world, and its implications have not yet been fully assessed. What is known is that attackers can directly construct malicious requests to exploit this vulnerability in order to trigger remote code execution.



Upon being notified of Log4j2, Dahua immediately initiated technical analysis and product screening, and the preliminary investigation result follows:



Dahua Devices (including but not limited to: IPC, ITC, PTZ, NVR, DVR, HCVR, decoders, etc.) do not contain Apache Log4j2 components, so they are not directly affected by this vulnerability.



Dahua DSS software is subject to the Log4j2 vulnerability. We have posted a software patch on:
It is essential that users download and update their software as soon as possible.



If you have any questions or concerns about our assessment of products that may be affected, installing the patch, or any other issue concerning Log4j2, please contact our tech support or our field engineers at any time.


 

Zook

Uh, so I hear log4j can infiltrate any computer system and there is a high level threat it can be used to shut down the internet.
I heard 800,000 attacks were detected within a 72 hour period, or 100 attacks per minute.
Iran is already trying to hack into Israel's government computers.
The exploit was discovered by someone in China. :facepalm:
 