Dahuasecurity.comではCookieならびに類似のテクノロジーを使用しています。Dahuaでは、Webサイトを正常に機能させるために機能性Cookieが使用され、ユーザ体験を最適化するために分析Cookieが使用されています。当社Webサイト外で、サードパーティのCookieによってデータが収集される場合もあります。「 同意します」をクリックするか、このWebサイトの使用を継続すると、Cookieを設定し、それに含まれる個人データが処理されることに同意したと見なされます。Cookieの使用に関する 詳細情報。

Security Notice – Media report on high risk vulnerability found in Dahua IPC-HDW4300S

695

First Published: November 16, 2017


Summary:


We observed media report dated November 15, 2017 about an upgrade function related hard coded credential vulnerability found in Dahua IPC-HDW4300S. The research report by Re Firm Labs was quoted as the source.


This IPC model (IPC-HDW4300S) is an out dated product. The last shipment date was February 2016. The latest firmware (released on November 6, 2015 version V2.420.009.0.R.20151106) did not have the mentioned vulnerability.


Initial analysis found this vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the IPC only to receive specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. Dahua have screened all actively shipping products against this vulnerability and found all products shipped after June 2017 are not affected. We are continuing with the screening on products already phased out. Update notice will be released as more information is available.


Support Resources

For any questions or concerns related to cybersecurity, please contact Dahua at cybersecurity@dahuatech.com