CERTVU:547255Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.0%
Overview
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow.
Description
CWE-121**: Stack-based Buffer Overflow -**CVE-2017-3223
Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely.
Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera’s Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution.
The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.
Impact
A remote, unauthenticated attacker may submit a crafted POST request to the IP camera’s Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution.
Solution
Apply update
Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue. All affected users should update their firmware as soon as possible. If you have any questions, you may contact [email protected].
Vendor Information
547255
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Dahua Security __ Affected
Notified: May 31, 2017 Updated: July 17, 2017
Statement Date: July 17, 2017
Status
Affected
Vendor Statement
Dahua recommends all affected users to update the firmware of their device to new version. You can download version from <http://www.dahuasecurity.com/> If you have any questions, you can contact [email protected]
Vendor Information
Dahua has provided an updated firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue.
Vendor References
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 7.8 | E:POC/RL:OF/RC:C |
| Environmental | 5.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- <http://www.dahuasecurity.com/firmware_161.html>
- <http://cwe.mitre.org/data/definitions/121.html>
Acknowledgements
Thanks to Ilya Smith of Positive Technologies for reporting this vulnerability.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2017-3223 |
|---|---|
| Date Public: | 2017-07-18 Date First Published: |
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.0%