Dahua IP cameras stung by Web interface bug
Long password risks remote code execution
Chinese camera-maker Dahua has flicked out a patch to fix a possible remote code execution vulnerability in its Web admin interface.
The company uses a Web interface named as “Sonia”* in this CERT advisory – and there's a stack buffer overflow to fix.
Unpatched, the advisory states, various versions of the Dahua firmware don't validate the input data length of the
That lets an attacker submit a POST command with a too-long password; “that may lead to out-of-bounds memory operations and loss of availability or remote code execution.”
The upgraded firmware is here.
Earlier this year, Dahua was pinged for letting anybody get at its cameras' credentials via a “secret” URL, exposed to the Internet.
It was also one among the many vendors of IP cameras and video recorders to have products recruited into last year's Mirai botnet. ®
* Because component bugs can flow onto many devices, El Reg usually tries to identify the source of the component. When it comes to Sonia, we confess to being uncertain about what software Dahua is using.
Ruby has a suitable class called Sonia; if, however, readers can identify a better candidate, leave a comment.