Headline
CVE-2022-30563: Security Advisory – Vulnerabilities found in some Dahua products
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user’s login packet.
Advisory ID:DHCC-SA-202206-001
First Published:2022-06-28
Cybersecurity is an on-going challenge for all IoT connected device manufacturers and users, as it is for all digital products and services. Dahua Technology is committed to developing and maintaining state-of-the-art cybersecurity practices, including through our product design process and our customer-facing Dahua Cybersecurity Center (DHCC) for transparent vulnerability reporting and handling.
In response to the security issues reported by Nozomi Networks, Dahua immediately conducted a comprehensive investigation of affected product models and has developed patches and firmware that fix the vulnerabilities. Please download from https://www.dahuasecurity.com/support/downloadCenter or contact Dahua local technical support to upgrade.
We strongly suggest, consistent with cybersecurity best practice, that all Dahua customers follow our security advisory, in order to insure their systems are up-to-date and maximally protected. In the meantime, customers with other concerns on cybersecurity related issues, please feel free to contact us at [email protected]
Summary
1. CVE-2022-30560
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
2. CVE-2022-30561
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user’s login packet.
3. CVE-2022-30562
If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack and redirect to a malicious page.
4. CVE-2022-30563
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user’s login packet.
Vulnerability CVSS Score
The vulnerability classification has been performed by using the CVSSv3.1 scoring system (http://www.first.org/cvss/specification-document).
CVE-2022-30560
Base Score: 5.4 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)
Temporal Score: 4.9 (E:P/RL:O/RC:C)
CVE-2022-30561
Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Temporal Score: 5.3 (E:P/RL:O/RC:C)
CVE-2022-30562
Base Score: 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Temporal Score: 3.4 (E:P/RL:O/RC:C)
CVE-2022-30563
Base Score: 6.8 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
Temporal Score: 6.1 (E:P/RL:O/RC:C)
Affected Products & Fix Software
The following product series and models are currently known to be affected.
Affected Model
Affected Version
Fix Software
IPC-HDBW2XXX IPC-HFW2XXX
Versions which Build time before April, 2022
DH_IPC-HX2XXX-Molec_MultiLang_PN_V2.820.0000000.48.R.220614.zip DH_IPC-HX2XXX-Molec_MultiLang_NP_V2.820.0000000.48.R.220614.zip
ASI7XXXX
Versions which Build time before September, 2021
DH_ASI72XXX_Eng_NP_V1.000.0000009.0.R.220620.zip
Note: Please login to the Web interface of the device to view Build time, which you can find on the Settings-System Information-Version Information page (setting-systeminfo-version).
Fix Software Download
Please download the corresponding fix software or its newer version as listed in the above table from Dahua website, or contact Dahua local technical support to upgrade.
· Cloud Upgrade: Dahua products have the capability of cloud upgrade. Relevant repair versions can be obtained through cloud upgrade.
· Dahua Official website: Overseas: https://www.dahuasecurity.com/support/downloadCenter.
· Dahua Technical Support Personnel
Support Resources
For any questions or concerns related to our products and solutions, please contact Dahua DHCC at [email protected].
Acknowledgment
We acknowledge the support of Andrea Palanca from Nozomi Networks who discovered these vulnerabilities and reported to DHCC.
Revision History
Version
Description
Date
V1.0
Initial public release
2022-06-28
Related news
Details have been shared about a security vulnerability in Dahua's Open Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, can lead to seizing control of IP cameras. Tracked as CVE-2022-30563 (CVSS score: 7.4), the "vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the