Language: rus ukr eng


Sunday, 15 June
Mobile version  | RSS
News Ukraine Russia Peace Business Society Artistic and Culture Sports Policy PE Science and Health Photo Report Video

In popular IP-cameras found a dangerous vulnerability

04 August 2017, 13:54 | Technologies
photo InternetUA
Text Size:

Positive Technologies Company announced that its expert Ilya Smith has identified and helped to eliminate a critical vulnerability in the Dahua IP-camera firmware. They are widely used for video surveillance in the banking sector, energy, telecommunications, transport, smart home systems and other areas. This problem is affected hundreds of thousands of cameras around the world, produced by Dahua both under its own brand, and made for other customers.

Vulnerability CVE-2017-3223 received a maximum score of 10 on the CVSS Base Score. The lack of security is associated with the possibility of buffer overflow (Buffer Overflow) in the web interface of Sonia, designed for remote control and configuration of cameras. An unauthorized user can send a specially crafted POST request to a vulnerable web interface and remotely obtain administrator privileges, which means unlimited control over the IP camera.

"From a programmatic point of view, this vulnerability makes it possible to do anything with the camera," said Ilya Smith, senior researcher at Positive Technologies. - Intercept and modify video traffic, turn on the device in a botnet to implement DDoS attacks like Mirai and much more. Dahua takes the second place in the world in the field of IP cameras and DVR, while the vulnerability we discovered is very easy to use, which once again demonstrates the level of security in the field of devices for the Internet of things ".

Vulnerability is detected in IP cameras with DH_IPC-ACK-Themis_Eng_P_V2 software. 400. 0000. 14. R and earlier versions of the firmware. To resolve the error, you must update the software to DH_IPC-Consumer-Zi-Themis_Eng_P_V2. 408. 0000. eleven. 20170621. Further details can be found on the CERT website of the Carnegie Mellon University.



According to Positive Technologies, malicious users can potentially access more than 3.5 million IP cameras around the world. In addition, about 90% of all DVR systems used today for video surveillance by small and medium-sized businesses contain certain vulnerabilities and can be hacked.

This is not the first case of cooperation between the two companies. In 2013 year. Positive Technologies specialists helped to identify and eliminate numerous vulnerabilities in Dahua DVR systems.




Add a comment
:D :lol: :-) ;-) 8) :-| :-* :oops: :sad: :cry: :o :-? :-x :eek: :zzz :P :roll: :sigh:
 Enter the correct answer 
News archive "Technologies"
Ad
TOP   | 
  
Ethnicity sophistic Ethnicity sophistic
10 June 2025, 14:11 (e-news.com.ua)
More TOP
© 2009 - 2025 NewsMe. All rights reserved.
The site administration is not responsible for information what put in, as well as its reliability. Use material NewsMe permitted only for reference (for internet issues - hyperlinks) on NewsMe.com.ua.

Наши проекты: