7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.0%
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713
include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow.
CWE-121**: Stack-based Buffer Overflow -**CVE-2017-3223
Dahua IP camera products include an application known as Sonia (/usr/bin/sonia
) that provides the web interface and other services for controlling the IP camera remotely.
Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password'
field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera’s Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution.
The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.
A remote, unauthenticated attacker may submit a crafted POST request to the IP camera’s Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution.
Apply update
Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin
to address this issue. All affected users should update their firmware as soon as possible. If you have any questions, you may contact [email protected].
547255
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 31, 2017 Updated: July 17, 2017
Statement Date: July 17, 2017
Affected
Dahua recommends all affected users to update the firmware of their device to new version. You can download version from <http://www.dahuasecurity.com/> If you have any questions, you can contact [email protected]
Dahua has provided an updated firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin
to address this issue.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 7.8 | E:POC/RL:OF/RC:C |
Environmental | 5.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Ilya Smith of Positive Technologies for reporting this vulnerability.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2017-3223 |
---|---|
Date Public: | 2017-07-18 Date First Published: |
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.012 Low
EPSS
Percentile
85.0%