Abstract Advisory Information
A buffer overflow vulnerability was found in some Dahua IP Camera devices.
This buffer overflow makes it possible to control the execution flow and could be used to perform illegitimate code execution.
Authors: Jean-Marie Bourbon
Version affected
Products DH-IPC-HFW1XXX, IPC-HFW2XXX and IPC-HDW1XXX with firmware builds before November 2018.
Common Vulnerability Scoring System
7.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Patches
Updated firmware is available at https://www.dahuasecurity.com/support/downloadCenter/firmware?id=111
References
https://www.dahuasecurity.com/support/cybersecurity/details/617
Vulnerability Disclosure Timeline
- 25-02-2019: Vulnerability identification
- 01-03-2019: First contact with Vendor
- 05-03-2019: Acknowledgement from Vendor
- 11-04-2019: CVE-ID assigned by Vendor
- 31-05-2019: Vendor announces disclosure for June 10th
- 10-06-2019: Public disclosure