Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDahuasecurity Ip Camera
HWDahuasecuritywszystkie wersjeDahuasecurity Ip Camera Firmware
OSDahuasecurity< dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin< 2.400.0000.14.r.20170713
Powiązane podatności
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Use the default low-privilege creden...
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attack...
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attack...
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit thi...
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During n...