Main menu

Pages

Dahua IP Camera Vulnerability Could Allow Attackers to Take Full Control of Devices

IP cameras

 

Details have been shared about a vulnerability in Dahua's Open  Network Video Interface Forum (ONVIF) standard implementation, which, when exploited, could lead to the takeover of IP cameras.

The vulnerability is tracked as CVE-2022-30563 (CVSS score: 7.4), “Attackers could abuse the vulnerability in order to compromise network cameras by sniffing a previously unencrypted ONVIF interaction and restarting credentials in a new request toward the camera,” the network said. Nozomi Networks in a Thursday report.

The issue, which is addressed in a patch released on June 28, 2022, affects the following products:

Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620

Dahua IPC-HDBW2XXX: Pre-release versions 2.820.000000000.48.R.220614

Dahua IPC-HX2XXX: Pre-release versions 2.820.000000000.48.R.220614

ONVIF controls the development and use of an open standard for how IP-based physical security products such as video surveillance cameras and access control systems communicate with each other in a manner that is not acceptable to vendors.

The bug identified by Nozomi Networks lies in the so-called "WS-UsernameToken" authentication mechanism applied in some IP cameras developed by Chinese company Dahua, allowing attackers to compromise the cameras by restarting credentials.

In other words, successful exploitation of the bug could allow the adversary to secretly add and exploit a malicious admin account to gain unrestricted access to an affected device with the highest privileges, including watching live camera feeds.


All the threat actor needs to launch this attack is to be able to capture an unencrypted ONVIF request authenticated using the WS-UsernameToken scheme, which is then used to send a forged request with the same authentication data to trick the machine into creating the administrator account.