Aperçu
An authentication bypass vulnerability exists in multiple Dahua products that allows attackers to bypass device identity authentication by sending malicious data packets during the login process. This vulnerability affects network surveillance and security camera products, enabling unauthorized access to affected devices. La vulnérabilité a été divulguée le September 15, 2021. CISA a identifié CVE-2021-33044 comme étant exploitée mais n'est pas actuellement connue pour être utilisée dans des campagnes de rançongiciel.
Détails techniques
The vulnerability exists in the authentication mechanism of Dahua surveillance products. During the login process, the device validates user credentials through a handshake protocol. Attackers can craft malicious data packets that are processed by the authentication routine without proper validation of packet structure and authenticity. By manipulating the authentication protocol flow, an attacker can bypass the credential verification mechanism and gain unauthorized access to the device without providing valid credentials.
La vulnérabilité est classifiée comme CWE-287 (Improper Authentication) etCWE-354 (Improper Validation of Extraneous Input) .
La vulnérabilité a reçu un score de base CVSS v3.1 de 9.8 (CRITICAL) avec la chaîne vectorielle CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indiquant sa nature critical.
Impact
Successful exploitation allows an unauthenticated remote attacker to gain complete administrative access to the affected Dahua surveillance device. This enables the attacker to: view all recorded surveillance footage, modify or delete recordings, access camera feeds in real-time, change device settings and configurations, add unauthorized user accounts, disable security features, redirect video streams, potentially introduce malware to the device, and use the compromised device as a pivot point for further network attacks. For surveillance infrastructure, this represents a critical security breach with implications for privacy, physical security monitoring, and organizational security.
Mitigation et contournements
Contact Dahua support or check the official Dahua security advisory portal for firmware updates specific to your device model. Download and install the latest available firmware through the device's web interface or via TFTP. Each product line (DVR, NVR, IP Camera, HCVR) has separate firmware updates. Ensure to back up configuration before updating. Les versions suivantes incluent les correctifs nécessaires : Dahua firmware updates released June 2021 and later versions, DVR/NVR firmware versions released after June 2021, Specific version numbers vary by product line and region.
Comme contournements temporaires : restrict network access to dahua devices by implementing strict firewall rules. only allow trusted ip addresses/subnets to access the device management ports (37777/tcp, 37778/tcp, 80/tcp, 443/tcp). use network segmentation to isolate surveillance devices on a dedicated vlan.; disable remote access features and configure devices for local network access only. change default ports to non-standard values to reduce automated discovery., et monitor network traffic to and from surveillance devices for suspicious connection attempts or malformed packets on authentication ports..
Recommandation de CISA : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Ressources additionnelles
Source : Ce rapport a été généré par IA
