Threat Watch

Dahua Surveillance Cams Are Remotely Exploitable During the Login Process

Dahua Technology has released an extensive list of their surveillance cameras that contain authentication bypass flaws. During the login process, attackers can construct malicious data packets and bypass device identity authentication. The vulnerability severity level has a base score of 8.1 and is being tracked as CVE-2021-33044 and CVE-2021-33045.

Dahua is a China-based surveillance camera vendor that has been banned from selling its products in the United States since October 2019. However, many of their surveillance cameras were purchased before the ban took effect and are visibly in use on the Shodan platform, including both affected and non-affected models.

ANALYST NOTES

Affected Dahua users are strongly urged to update their cameras to the latest firmware.

As many organizations continue to increase their use of IoT devices in their network, it is increasingly important to establish strict security guidelines to minimize risks. Easily guessable and weak default credentials should be changed to a long and complex password. Additionally, an isolated network should be established specifically for IoT devices.

https://www.bleepingcomputer.com/news/security/unpatched-dahua-cams-vulnerable-to-unauthenticated-remote-access/