Dahua cameras stung by Web interface bug

Long paassssswwwwwoooorrrd risks remote code execution

Chinese camera-maker Dahua has flicked out a patch to fix a possible remote code execution vulnerability in its Web admin interface.

The company uses a Web interface named as “Sonia”* in this CERT advisory – and there's a stack buffer overflow to fix.

Unpatched, the advisory states, various versions of the Dahua firmware don't validate the input data length of the password field.

That lets an attacker submit a POST command with a too-long password; “that may lead to out-of-bounds memory operations and loss of availability or remote code execution.”

The upgraded firmware is here.

Earlier this year, Dahua was pinged for letting anybody get at its cameras' credentials via a “secret” URL, exposed to the Internet.

It was also one among the many vendors of IP cameras and video recorders to have products recruited into last year's Mirai botnet. ®

Bootnote

* Because component bugs can flow onto many devices, El Reg usually tries to identify the source of the component. When it comes to Sonia, we confess to being uncertain about what software Dahua is using.

Ruby has a suitable class called Sonia; if, however, readers can identify a better candidate, leave a comment.


Biting the hand that feeds IT © 1998–2017