SA ID: DHCC-201707-01

First Published: July 31, 2017

Summary:

Denial of Service vulnerability was found in some Dahua IP Cameras. It could be exploited to trigger null pointer error or buffer overflow, which will result in Denial of Service on devices with this vulnerability.

CVEID: CVE-2017-3223

Affected Products:

The following product models are affected

DH-IPC-A15, DH-IPC-A35, DH-IPC-C15, DH-IPC-C35,DH-IPC-HDBW1120E-W DH-IPC-HDBW1320E-W, DH-IPC-HFW1120S-W, DH-IPC-HFW1320S-W,DH-IPC-K15, DH-IPC-K35, DH-IPC-K15A, DH-IPC-K35A, DH-IPC-HDBW11A0EN-W,DH-IPC-HDBW13A0EN-W, DH-IPC-HFW11A0SN-W, DH-IPC-HFW13A0SN-W

Impact:

It could be exploited to attack devices with this vulnerability

Fixed software release:

Fixed software can be downloaded from Dahua website.

DH_IPC-Consumer-Zi-Themis_Eng_P_V2.400.0000.15.R.20170726

DH_IPC-Consumer-Zi-Themis_EngSpn_N_V2.400.0000.15.R.20170726

Support Resources

Dahua technical team will contact customers to advise and support the upgrade process. For any questions or concerns related to cybersecurity, please contact Dahua at psirt@dahuatech.com