Abstract Advisory Information
A buffer overflow vulnerability found in some Dahua IP Camera devices.
This buffer overflow permits to control execution flow and could be used to perform illegitimate code execution.
Authors: Jean-Marie Bourbon
Product DH-IPC-HFW1XXX, IPC-HFW2XXX, IPC-HDW1XXX with firmware build before November 2018.
Common Vulnerability Scoring System
Updated firmwares are available on https://www.dahuasecurity.com/support/downloadCenter/firmware?id=111
Vulnerability Disclosure Timeline
- 25-02-2019: Vulnerability identification
- 01-03-2019: First Contact to Vendor
- 05-03-2019: Acknowledgement from Vendor
- 11-04-2019: CVE-ID assigned by Vendor
- 31-05-2019: Vendor announces disclosure for June 10th
- 10-06-2019: Public disclosure