Dahuasecurity.com은 쿠키 및 유사 기술을 사용합니다. 다후아는 기능성 쿠키를 사용하여 웹 사이트가 제대로 작동하도록 하고 분석 쿠키를 사용하여 사용자 경험을 최적화합니다. 제3자 쿠키는 당사 웹 사이트 외부에서도 데이터를 수집할 수 있습니다. 다음을 클릭함으로써 동의하시거나 이 웹 사이트를 계속 사용하면 쿠키 설정과 관련된 개인 데이터 처리에 동의하게 됩니다. 다음에 대한 자세한 정보 쿠키 개인정보 처리 방침

Security Notice – Media report on high risk vulnerability found in Dahua IPC-HDW4300S

343

First Published: November 16, 2017


Summary:


We observed media report dated November 15, 2017 about an upgrade function related hard coded credential vulnerability found in Dahua IPC-HDW4300S. The research report by Re Firm Labs was quoted as the source.


This IPC model (IPC-HDW4300S) is an out dated product. The last shipment date was February 2016. The latest firmware (released on November 6, 2015 version V2.420.009.0.R.20151106) did not have the mentioned vulnerability.


Initial analysis found this vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the IPC only to receive specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. Dahua have screened all actively shipping products against this vulnerability and found all products shipped after June 2017 are not affected. We are continuing with the screening on products already phased out. Update notice will be released as more information is available.


Support Resources

For any questions or concerns related to cybersecurity, please contact Dahua at cybersecurity@dahuatech.com