Security Advisory –Vulnerabilities found in some Dahua products

2024-07-31

Advisory IDDHCC-SA-202407-001

First Published2024-07-31


Cybersecurity is an on-going challenge for all IoT connected device manufacturers and users, as it is for all digital products and services. Dahua Technology is committed to developing and maintaining state-of-the-art cybersecurity practices, including through our product design process and our customer-facing Dahua Trust Center for transparent vulnerability reporting and handling.


In response to security issues reported by KITRI BoB 12th from Team.ENVY, Dahua immediately conducted a comprehensive investigation of affected product models and has developed patches and firmware that fix the vulnerabilities. Please download from https://www.dahuasecurity.com/support/downloadCenter or contact Dahua local technical support to upgrade.


We strongly suggest, consistent with cybersecurity best practice, that all Dahua customers follow our security advisory, in order to ensure their systems are up-to-date and maximally protected. In the meantime, customers with other concerns on cybersecurity related issues, please feel free to contact us at psirt@dahuatech.com.


Summary

1. CVE-2024-39944

Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

2. CVE-2024-39945

After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.

3. CVE-2024-39946

After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.

4. CVE-2024-39947

After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.

5. CVE-2024-39948

Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

6. CVE-2024-39949

Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.

7. CVE-2024-39950

Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.


Vulnerability Score

The vulnerability classification has been performed by using the CVSSv3.1 scoring system (http://www.first.org/cvss/specification-document).

CVE-2024-39944

Base Score:7.5(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Temporal Score: 6.7(E:P/RL:O/RC:C)


CVE-2024-39945

Base Score:4.9(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

Temporal Score:4.4(E:P/RL:O/RC:C)


CVE-2024-39946

Base Score:6.0(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)

Temporal Score:5.4(E:P/RL:O/RC:C)


CVE-2024-39947

Base Score:6.5(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Temporal Score:5.9(E:P/RL:O/RC:C)


CVE-2024-39948

Base Score:7.5(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Temporal Score:6.7(E:P/RL:O/RC:C)


CVE-2024-39949

Base Score:7.5(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Temporal Score:6.7(E:P/RL:O/RC:C)


CVE-2024-39950

Base Score:8.6(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)

Temporal Score:7.7(E:P/RL:O/RC:C)


Affected Products & Fix Software

The following product series and models are currently known to be affected.

CVE ID

Affected Model

Affected Version

Fix Software

CVE-2024-39944

NVR4XXX

IPC-HX8XXX

Versions which Build time before 2024/2/2

DH_NVR4x-4KS2L_MultiLang_V4.003.0000000.1.R.240515
DH_NVR4XXX-4KS2-I(H)_MultiLang_V4.001.0000001.6.R.240725.zip
DH_NVR4x-4KS3_MultiLang_V4.003.0000000.0.R.240312
DH_IPC-HX8(7)XXX-TJ-Faraday_MultiLang_PN_V3.140.0000000.30.R.240725.zip

CVE-2024-39945

CVE-2024-39946

CVE-2024-39947

CVE-2024-39948

CVE-2024-39949

NVR4XXX

Versions which Build time before 2023/12/13

DH_NVR4x-4KS2L_MultiLang_V4.003.0000000.1.R.240515
DH_NVR4XXX-4KS2-I(H)_MultiLang_V4.001.0000001.6.R.240725.zip
DH_NVR4x-4KS3_MultiLang_V4.003.0000000.0.R.240312

CVE-2024-39950

NVR4XXX

IPC-HX8XXX

Versions which Build time before 2024/1/22

DH_NVR4x-4KS2L_MultiLang_V4.003.0000000.1.R.240515
DH_NVR4XXX-4KS2-I(H)_MultiLang_V4.001.0000001.6.R.240725.zip
DH_NVR4x-4KS3_MultiLang_V4.003.0000000.0.R.240312
DH_IPC-HX8(7)XXX-TJ-Faraday_MultiLang_PN_V3.140.0000000.30.R.240725.zip

Note: Please login to the Web interface of the device to view Build time, which you can find on the Settings-System Information-Version Information page (setting-systeminfo-version).


Fix Software Download

Please download the corresponding fix software or its newer version as listed in the above table from Dahua website, or contact Dahua local technical support to upgrade.

l  Cloud Upgrade:For products with cloud upgrade capability, the related repair version will be successively pushed through the cloud upgrade within 30 working days.

l  Dahua Official website: https://www.dahuasecurity.com/support/downloadCenter

l  Dahua Technical Support Personnel.


Support Resources

For any questions or concerns related to our products and solutions, please contact Dahua PSIRT at psirt@dahuatech.com.


Acknowledgment

We acknowledge the support of KITRI BoB 12th from Team.ENVY who reported it to Dahua and coordinated with us to handle this vulnerability.


Revision History

Version

Description

Date

V1.0

Initial public release

2024-07-31