4 critical vulnerabilities in Dahua IP Camera allow to take control of CCTV system remotely. Patch immediately

Dahua surveillance cameras are used throughout many critical infrastructure sectors such as oil & gas, power grids, telecommunications, etc. These cameras are used to oversee many production processes, providing remote visibility to process engineers. Threat actors, nation-state threat groups in particular, could be interested in hacking IP cameras to help gather intel on the equipment or production processes of the target company. This information could aid in reconnaissance conducted prior to launching a cyberattack. With more knowledge of the target environment, threat actors could craft custom attacks that can physically disrupt production processes in critical infrastructure.

The vendor has published details of four vulnerabilities impacting Dahua IP Camera that can allow attackers to seize control of IP cameras. 

1. CVE-2022-30560

Base Score: 5.4 

When an attacker obtains the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.

2. CVE-2022-30561

Base Score: 5.9

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user’s login packet.

3. CVE-2022-30562

Base Score: 3.7

If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack and redirect to a malicious page.

4. CVE-2022-30563

Base Score: 6.8

When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user’s login packet.The issue affects Dahua’s implementation of the Open Network Video Interface Forum (ONVIF). This vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera. Once obtained the credentials, an attacker can add an administrator account and use it to obtain full access to the device and perform actions such as watching live footage 

The following versions of Dahua video products, are affected:

  • Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620
  • Dahua IPC-HDBW2XXX: Versions prior to v2.820.0000000.48.R.220614
  • Dahua IPC-HX2XXX: Versions Prior to v2.820.0000000.48.R.220614

The vendor addressed the issue with the release of a patch.