Security Notice – Media report on high risk vulnerability found in Dahua IPC-HDW4300S

First Published: November 16, 2017

Summary:

We observed media report dated November 15, 2017 about an upgrade function related hard coded credential vulnerability found in Dahua IPC-HDW4300S. The research report by Re Firm Labs was quoted as the source.

This IPC model (IPC-HDW4300S) is an out dated product. The last shipment date was February 2016. The latest firmware (released on November 6, 2015 version V2.420.009.0.R.20151106) did not have the mentioned vulnerability.

Initial analysis found this vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the IPC only to receive specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. Dahua have screened all actively shipping products against this vulnerability and found all products shipped after June 2017 are not affected. We are continuing with the screening on products already phased out. Update notice will be released as more information is available.

Support Resources

For any questions or concerns related to cybersecurity, please contact Dahua at cybersecurity@dahuatech.com

All Products

Key Technologies

Products

Solutions by Industry

SMB Solutions by Scenario

SMB Solutions by Application

Solution

Support

Partner

News & Events

About Us

CYBERSECURITY

Cybersecurity

Security Notice – Media report on high risk vulnerability found in Dahua IPC-HDW4300S