Dahua Technology Addresses Vulnerabilities in Network Video Recorders and IP Cameras

Dahua Technology, a leading provider of video surveillance solutions, has released a security advisory addressing multiple vulnerabilities in their network video recorders (NVRs) and IP cameras. These vulnerabilities, with CVSS scores ranging from 4.9 to 8.6, could potentially allow attackers to crash devices, initiate device initialization, or even take control of devices under certain conditions.

Vulnerabilities and Impact

The vulnerabilities identified by Dahua include:

• CVE-2024-39944, CVE-2024-39948, CVE-2024-39949 (CVSS 7.5): Attackers can exploit these vulnerabilities by sending specially crafted data packets to the affected devices, potentially causing them to crash.
• CVE-2024-39945 (CVSS 4.9), CVE-2024-39946 (CVSS 6.0), CVE-2024-39947 (CVSS 6.5): These vulnerabilities require attackers to obtain valid administrator or user credentials. Once obtained, attackers can send malicious data packets to trigger device crashes or unauthorized device initialization.
• CVE-2024-39950 (CVSS 8.6): This vulnerability allows attackers to initiate device initialization by sending specially crafted data packets, potentially disrupting surveillance operations.

Affected Products and Mitigation

Dahua has identified specific product series and models affected by these vulnerabilities, including the NVR4XXX and IPCHX8XXX series with firmware versions built before specific dates in 2023 and 2024. To address these issues, Dahua has released updated firmware versions for the affected devices.

Recommendations for Users

Dahua Technology strongly recommends that users of the affected products take immediate action to mitigate the risks associated with these vulnerabilities. Users should:

1. Check Device Firmware: Verify the firmware version of their NVRs and IP cameras to determine if they are vulnerable.
2. Update Firmware: Download and install the latest firmware updates provided by Dahua Technology.
3. Implement Security Best Practices: Follow recommended security practices, such as using strong passwords, regularly changing passwords, and restricting access to devices to authorized personnel only.

By promptly addressing these vulnerabilities, users can significantly reduce the risk of their surveillance systems being compromised and ensure the continued security and integrity of their video surveillance infrastructure.

Related Posts:

• Hacker group Anonymous controls over 400 Russian cameras
• Synology Surveillance Station Vulnerabilities Expose Systems to Attack – Update Immediately