Dahua Technology Addresses Vulnerabilities in Network Video Recorders and IP Cameras
Dahua Technology, a leading provider of video surveillance solutions, has released a security advisory addressing multiple vulnerabilities in its network video recorders (NVRs) and IP cameras. These vulnerabilities, with CVSS scores ranging from 4.9 to 8.6, could allow attackers to crash devices, initiate device initialization, or even take control of devices under certain conditions.
Vulnerabilities and Impact
The vulnerabilities identified by Dahua include:
- CVE-2024-39944, CVE-2024-39948, CVE-2024-39949 (CVSS 7.5): Attackers can exploit these vulnerabilities by sending specially crafted data packets to the affected devices, potentially causing them to crash.
- CVE-2024-39945 (CVSS 4.9), CVE-2024-39946 (CVSS 6.0), CVE-2024-39947 (CVSS 6.5): These vulnerabilities require attackers to obtain valid administrator or user credentials. With those credentials, attackers can send malicious data packets to trigger device crashes or unauthorized device initialization.
- CVE-2024-39950 (CVSS 8.6): This vulnerability allows attackers to initiate device initialization by sending specially crafted data packets, potentially disrupting surveillance operations.
Affected Products and Mitigation
Dahua has identified specific product series and models affected by these vulnerabilities, including the NVR4XXX and IPCHX8XXX series with firmware versions built before specific dates in 2023 and 2024. To address these issues, Dahua has released updated firmware versions for the affected devices.
Recommendations for Users
Dahua Technology strongly recommends that users of the affected products take immediate action to mitigate the risks associated with these vulnerabilities. Users should:
- Check Device Firmware: Verify the firmware version of their NVRs and IP cameras to determine if they are vulnerable.
- Update Firmware: Download and install the latest firmware updates provided by Dahua Technology.
- Implement Security Best Practices: Follow recommended security practices, such as using strong passwords, regularly changing passwords, and restricting access to devices to authorized personnel only.
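The firmware check above can be run across a device inventory, since exposure depends on each device's build date relative to the fixed build for its series. The following is an added example, not code from Dahua or its advisory; the cutoff dates are placeholders to be replaced with the dates in the advisory, and the "Build Date: YYYY-MM-DD" version-string layout, hostnames and version numbers are assumptions constructed for illustration.

```python
import re
from datetime import date

# PLACEHOLDER cutoffs, constructed for this example. Replace each with the
# fixed-build date that Dahua's advisory lists for that series.
FIXED_BUILD = {
    "NVR4XXX": date(2024, 1, 1),    # placeholder, not from the advisory
    "IPCHX8XXX": date(2024, 1, 1),  # placeholder, not from the advisory
}

# Assumed version-string layout: "<version>, Build Date: YYYY-MM-DD".
BUILD_RE = re.compile(r"Build Date:\s*(\d{4})-(\d{2})-(\d{2})")

# Constructed inventory: (hostname, series as named in the advisory, version string).
INVENTORY = [
    ("nvr-lobby", "NVR4XXX", "V4.001.0000000.0, Build Date: 2023-03-14"),
    ("nvr-dock", "NVR4XXX", "V4.003.0000000.0, Build Date: 2024-06-02"),
    ("cam-gate", "IPCHX8XXX", "V2.820.0000000.0"),
    ("cam-roof", "IPCHX8XXX", "V2.820.0000000.0, Build Date: 2023-13-40"),
    ("cam-hall", "IPC-OTHER", "V2.800.0000000.0, Build Date: 2022-01-10"),
]

def classify(series, version):
    """Return 'update', 'ok', 'unknown' or 'not-listed' for one device."""
    cutoff = FIXED_BUILD.get(series)
    if cutoff is None:
        return "not-listed"      # series is not covered by this check
    match = BUILD_RE.search(version)
    if not match:
        return "unknown"         # no build date recorded: verify on the device
    try:
        built = date(*map(int, match.groups()))
    except ValueError:
        return "unknown"         # malformed date: treat as unverified, not as safe
    return "update" if built < cutoff else "ok"

def triage(inventory):
    """Group hostnames by status so devices needing an update stand out."""
    report = {}
    for host, series, version in inventory:
        report.setdefault(classify(series, version), []).append(host)
    return report

if __name__ == "__main__":
    for status, hosts in sorted(triage(INVENTORY).items()):
        print(f"{status:10} {', '.join(hosts)}")
```

Devices reported as "unknown" should be checked by hand rather than assumed patched.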
By promptly addressing these vulnerabilities, users can significantly reduce the risk of their surveillance systems being compromised and ensure the continued security and integrity of their video surveillance infrastructure.