Dahua Video Recorders and Cameras affected by a serious flaw. Is it a backdoor?

The manufacturer Dahua Technology has started releasing firmware updates to fix a serious flaw in some models of its video recorders and IP cameras.

Security experts believe the flaw is a true backdoor that could be used to remotely access the user database containing usernames and hashed passwords.

The backdoor was discovered by a researcher who is known online as “bashis.”

Once the attacker obtains the administrator credentials stored in the database, he can use them to log in to the device. Representatives of Dahua admitted the issue and classified it as a ‘coding issue’ that was not introduced intentionally.

Of course, the researcher who discovered the flaw expresses skepticism of the error claim.

According to an analysis shared by IPVM, the password hashes can be used directly to log in; there is no need to crack them.

Bashis did not initially report the issue to Dahua; he also released proof-of-concept (PoC) exploit code that was later removed by the researchers at the manufacturer's request.

On April 5, the researchers made the PoC available online again.

Dahua replied with a security bulletin that admits the presence of the error in the code of its devices.

“We were recently made aware of a cybersecurity vulnerability that affects certain Dahua recorders and IP cameras. It’s important to note that the vulnerability is not the result of a malicious attack on any specific installation where our products are deployed; it was discovered by Bashis conducting independent testing of various suppliers’ surveillance products.” reads the security bulletin.

The company published a list of vulnerable devices; users are invited to download the new firmware and update their devices.

| Model Number | Where to Update Firmware |
| --- | --- |
| DH-IPC-HDW23A0RN-ZS, DH-IPC-HDBW23A0RN-ZS | Download Link |
| DH-IPC-HDBW13A0SN, DH-IPC-HDW13A0SN, DH-IPC-HFW13A0SN-W | Download Link |
| DH-IPC-HDBW13A0SN, DH-IPC-HDW13A0SN, DH-IPC-HFW13A0SN-W | Download Link |
| DHI-HCVR51A04HE-S3 | Download Link |
| DHI-HCVR51A08HE-S3 | Download Link |
| DHI-HCVR58A32S-S2 | Download Link |

Dahua is still investigating the issue, and it is likely that other devices are affected by the same flaw.

The security of IoT devices is crucial; recently I exclusively reported the news of a large-scale attack launched by a criminal gang leveraging the SSH TCP direct forward attack technique through a thingbot.

According to a report published by Flashpoint, the recent Mirai botnet attacks involved a huge number of Dahua devices.

The researchers explained that the botnet was mainly composed of video surveillance devices manufactured by Dahua Technology.

“While investigating the recent large-scale distributed denial-of-service (DDoS) attacks, Flashpoint identified the primary manufacturer of the devices that utilize the default username and password combination known as root and xc3511.” reads a report published by Flashpoint. “The Dahua devices were identified early because of their distinctive interface and recent use in other botnets. Utilizing the “Low Impact Identification Tool” or LIFT, Flashpoint was able to identify a large number of these devices in the attack data provided.” states the report.

Pierluigi Paganini

(Security Affairs – Dahua,  IoT)