Hey guys
Got a report from Dahua that their DSS has a vulnerability issue. Please follow the guide to finish updating ASAP if you are using DSS Pro or DSS Express.
dahuawiki.com
Security Notice – Information on Apache Log4j2 Remote Code Execution Vulnerability CVE-2021-44228
Summary
Dahua has provided notice along with the disclosure of technical details and PoC for critical vulnerability of Apache Log4j2, CVE-2021-44228 recently, with Base CVSS Score: 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). As has been widely reported, this vulnerability impacts millions of servers around the world, and its implications have not yet been fully assessed. What is known is that attackers can directly construct malicious requests to exploit this vulnerability in order to trigger remote code execution.
Upon being notified of Log4j2, Dahua immediately initiated technical analysis and product screening, and the preliminary investigation result follows:
Dahua Devices (including but not limited to: IPC, ITC, PTZ, NVR, DVR, HCVR, decoders, etc.) do not contain Apache Log4j2 components, so they are not directly affected by this vulnerability.
Dahua DSS software is subject to the Log4j2 vulnerability. We have posted a software patch on:
It is essential that users download and update their software as soon as possible.
If you have any questions or concerns about our assessment of products that may be affected, installing the patch, or any other issue concerning Log4j2, please contact our tech support or our field engineers at any time.







