System Security Vulnerability Was Found In Some Dahua Devices

Date: 24/11/2017

Security Notification – System security vulnerability was found in some Dahua devices
Notification ID: DHCC-SA-201711-004
First Published: November 24, 2017

CVE ID:
CVE-2017-9316

Summary:
A firmware upgrade authentication bypass vulnerability was found in some Dahua IP cameras. The vulnerability was caused by an internal debug function. This function was used for problem analysis and performance tuning during the product development phase. It allowed the device to receive only specific data (one direction, no transmit), and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.

Affected Products:
Within the first 24 hours after identifying the risk, Dahua screened all actively shipping products against this vulnerability and found that all products shipped after June 2017 are not affected. The screening of products shipped with firmware released between July 2016 and June 2017 identified the following affected products.

Nexus IP Cameras (model, version number, firmware download):
IP-280D-1.3MP V2.420.0009.0.R.20151106 Download
IP-280D-3.0MP V2.420.0009.0.R.20151106 Download
IP-280DI-1.3MP V2.420.0009.0.R.20151106 Download
IP-280DI-3.0MP V2.420.0009.0.R.20151106 Download
IP-360DSI-3.0MP V2.420.0009.0.R.20151106 Download
IP-360D-1.3MP V2.420.0009.0.R.20151106 Download
IP-360D-3.0MP V2.420.0009.0.R.20151106 Download
IP-360DI-1.3MP V2.420.0009.0.R.20151106 Download
IP-360DI-3.0MP V2.420.0009.0.R.20151106 Download
IP-360DSI-1.3MP V2.420.0009.0.R.20151106 Download
IP-360DSI-3.0MP V2.420.0009.0.R.20151106 Download
IP-360I-1.3MP V2.420.0009.0.R.20151106 Download
IP-360I-3.0MP V2.420.0009.0.R.20151106 Download
IP-390DMI-3.0MP V2.420.0009.0.R.20151106 Download
IP-390DV-1.3MP V2.420.0009.0.R.20151106 Download
IP-390DV-3.0MP V2.420.0009.0.R.20151106 Download
IP-390DVI-1.3MP V2.420.0009.0.R.20151106 Download
IP-390DVI-3.0MP V2.420.0009.0.R.20151106 Download
IP-390MI-3.0MP V2.420.0009.0.R.20151106 Download
IP-390VI-1.3MP V2.420.0009.0.R.20151106 Download
IP-390VI-3.0MP V2.420.0009.0.R.20151106 Download
IP-600DI-1.3MP V2.420.0009.0.R.20151106 Download
IP-600DI-3.0MP V2.420.0009.0.R.20151106 Download

Dahua IP Cameras (model, version number, firmware download):
IPC-HDB4100C-A-280 V2.420.0009.0.R.20151106 Download
IPC-HDB4100C-A-360 V2.420.0009.0.R.20151106 Download
IPC-HDB4100F-PT V2.420.0009.0.R.20151106 Download
IPC-HDBW4100E-360 V2.420.0009.0.R.20151106 Download
IPC-HDW4100C V2.420.0009.0.R.20151106 Download
IPC-HDW4100S-280 V2.420.0009.0.R.20151106 Download
IPC-HDW4100S-360 V2.420.0009.0.R.20151106 Download
IPC-HDW4100S-600 V2.420.0009.0.R.20151106 Download
IPC-HDW4100E-360 V2.420.0009.0.R.20151106 Download
IPC-HDW4120M V2.620.0000002.0.R.170830 Download
IPC-HDW4421EM-AS V2.620.0000002.0.R.170830 Download
IPC-HDW4421MP V2.620.0000002.0.R.170830 Download
IPC-HFW4100E-600 V2.420.0009.0.R.20151106 Download
IPC-HDB4300C-A-280 V2.420.0009.0.R.20151106 Download
IPC-HDW4300C-A-360 V2.420.0009.0.R.20151106 Download
IPC-HDB4300F-PT V2.420.0009.0.R.20151106 Download
IPC-HDBW4120E V2.620.0000002.0.R.170830 Download
IPC-HDBW4300E-AS-360 V2.420.0009.0.R.20151106 Download
IPC-HDW4300C V2.420.0009.0.R.20151106 Download
IPC-HDW4300C-A-280 V2.420.0009.0.R.20151106 Download
IPC-HDW4300S-360 V2.420.0009.0.R.20151106 Download
IPC-HDW4300S-600 V2.420.0009.0.R.20151106 Download
IPC-HFW4120E V2.620.0000002.0.R.170830 Download
IPC-HFW4300E-360 V2.420.0009.0.R.20151106 Download
IPC-HFW4300E-600 V2.420.0009.0.R.20151106 Download
IPC-HFW4421B V2.620.0000002.0.R.170830 Download
IPC-HFW4421E V2.620.0000002.0.R.170830 Download
IPC-HDB5100 V2.420.0009.0.R.20151106 Download
IPC-HDBW5100 V2.420.0009.0.R.20151106 Download
IPC-HFW5100C-L V2.420.0009.0.R.20151106 Download
IPC-HDB5300 V2.420.0009.0.R.20151106 Download
IPC-HDBW4421F V2.620.0000002.0.R.170830 Download
IPC-HDBW5300 V2.420.0009.0.R.20151106 Download
IPC-HDBW5300-DI V2.420.0009.0.R.20151106 Download
IPC-HFW5300C-L V2.420.0009.0.R.20151106 Download
IPC-HFW5300C-VF V2.420.0009.0.R.20151106 Download
IPC-HFW5300E-VF V2.420.0009.0.R.20151106 Download
IPC-HDBW5502 V2.420.0009.0.R.20151106 Download
IPC-HDBW5502-DI V2.420.0009.0.R.20151106 Download
IPC-HFW5502C V2.420.0009.0.R.20151106 Download
IPC-HDBW5421E-Z V2.620.0000002.0.R.170830 Download

Check if your device is at risk:

If your camera is listed in the table above and was purchased before June 2017, it is potentially at risk if connected directly to the internet and not to a Dahua NVR.

If your device is connected to a Dahua NVR, then it is by definition protected from direct access from the internet, so it is not susceptible to the exploit. However, you should always ensure that the NVR is updated to the latest firmware version available.

Solution:

Install Latest Firmware:
New firmware was released for all cameras known to be affected by this vulnerability. This firmware can be downloaded from the list above. Once downloaded, follow the upgrade instructions below.


Upgrading your Camera

This process is only recommended for advanced users. Our technical team is available to advise and support the upgrade process. For any questions or concerns related to upgrading firmware, please contact us.
In order to complete the process below you will need the following equipment, depending on the scenario you use to upgrade the camera:
Laptop/PC
WiFi and/or WAN Connection (Remote support to COP if required)
LAN connection to the camera and/or NVR
Dahua ToolBox – Download Here
Dahua Config Tool - Download Here

1a. Update via Web Browser

It is recommended that the following steps are carried out by a CCTV engineer

  1.  Download and locate the firmware file on your computer (usually your downloads folder or desktop) and make a note of the location
  2.  Enter the camera IP address or domain name in the Internet Explorer address bar 
  3.  Log into the camera using your username and password 
  4.  If prompted, change the camera username and password. Please ensure you keep these details safe.
  5.  Click the Setup Tab > Settings > Upgrade and browse to the file path of the downloaded firmware file
  6.  Select the firmware file and Click Open
  7.  Click the Upgrade button to start the upgrade process
  8.  The camera will reboot after the upgrade. Close Internet Explorer and then re-open it
  9.  Enter the camera IP address or domain name in the Internet Explorer address bar
  10. Log into the camera using your username and password
  11. If prompted, install the new web plugin, click install and follow the installation wizard
  12. Ensure the camera is recording and review all camera settings if required

1b. Update via Dahua Config Tool (v3.210.0 or greater)

It is recommended that the following steps are carried out by a CCTV engineer

  1.  Download and locate the firmware file on your computer (usually your downloads folder or desktop) and make a note of the location
  2.  Open the Dahua Config Tool on your PC/Laptop
  3.  Change the search settings to the IP search range of your camera
  4.  Click search and all the cameras connected will show in the list
  5.  Click on the “Model” header; this will list the cameras in model order
  6.  Make a note of the version and build date
  7.  Click “Batch” and click on the camera(s) you wish to upgrade (hold “CTRL” and click to select multiple cameras)
  8.  Click open and browse to the file path of the downloaded firmware file
  9.  Click “OK”; the camera will start the upgrade process
  10. The camera will reboot after the upgrade
  11. Do a new search and check the version and build date against the one noted earlier
  12. The update is complete when the build date shown updates to the new version
  13. Ensure the camera is recording and review all the camera settings if required

1c. Update via Dahua ToolBox

It is recommended that the following steps are carried out by a CCTV engineer

  1.  Download and locate the firmware file on your computer (usually your downloads folder or desktop) and make a note of the location
  2.  In order to use the Dahua ToolBox you will need to download and register it with Dahua using an email address and password prior to use
  3.  Open Dahua ToolBox and install the Dahua Config Tool
  4.  Change the search settings to the IP search range of your camera
  5.  Click search and all the cameras connected will show in the list
  6.  You can now select “Model” and this will list them by model; at this point you will need to make a note of the IP address of the cameras you wish to upgrade in batch mode
  7.  On the left-hand menu tree, click on the “Upgrade” icon, then click on the cameras you wish to upgrade in the IP address list
  8.  Make a note of the version and build date
  9.  Click open and browse to the file path of the downloaded firmware file
  10. Click upgrade – the progress will move to 50% while the file is transferred to the camera; it should then install up to 100%
  11. The camera will reboot after the upgrade
  12. Start a new search and check the version and build date against the one noted earlier
  13. The update is complete when the build date shown updates to the new version
  14. Ensure the camera is recording and review all the camera settings if required
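
The two checks this notice describes, the at-risk criteria under "Check if your device is at risk" and the before/after build-date comparison in the Config Tool and ToolBox steps, can be scripted over a camera inventory. The Python below is an added example, not Dahua's or the reseller's code; the inventory fields, the sample rows, the EXAMPLE-CAM-1 model and the reading of the version string's last field as a build date are assumptions.

```python
from datetime import date, datetime

# Excerpt of the advisory's model list; copy in the full table for real use.
ADVISORY_MODELS = {"IP-280D-1.3MP", "IPC-HDW4100C", "IPC-HDW4120M", "IPC-HFW4421E"}
CUTOFF = date(2017, 6, 1)  # advisory: "purchased before June 2017"


def build_date(version):
    """Read the build date from a string such as V2.420.0009.0.R.20151106.

    Assumption: the last dot-separated field is YYYYMMDD, or YYMMDD in the
    six-digit form used by V2.620.0000002.0.R.170830.
    """
    stamp = version.strip().rsplit(".", 1)[-1]
    fmt = {8: "%Y%m%d", 6: "%y%m%d"}.get(len(stamp))
    if fmt is None or not stamp.isdigit():
        raise ValueError(f"no build date in {version!r}")
    return datetime.strptime(stamp, fmt).date()


def potentially_at_risk(cam):
    """Listed model, bought before June 2017, reachable directly from the
    internet and not connected through a Dahua NVR."""
    return (cam["model"] in ADVISORY_MODELS and cam["purchased"] < CUTOFF
            and cam["internet_facing"] and not cam["behind_nvr"])


def upgrade_confirmed(noted_before, seen_after):
    """True when the build date seen after the reboot is newer than the one noted."""
    return build_date(seen_after) > build_date(noted_before)


def triage(inventory):
    """Return the IP addresses of cameras that meet the advisory's risk criteria."""
    return [cam["ip"] for cam in inventory if potentially_at_risk(cam)]


# Constructed inventory: documentation-range IPs, invented purchase dates;
# EXAMPLE-CAM-1 is a made-up model that is not in the advisory.
FIELDS = ("ip", "model", "purchased", "internet_facing", "behind_nvr")
INVENTORY = [dict(zip(FIELDS, row)) for row in [
    ("192.0.2.10", "IPC-HDW4100C", date(2016, 9, 12), True, False),
    ("192.0.2.11", "IPC-HDW4120M", date(2016, 11, 3), False, True),
    ("192.0.2.12", "IP-280D-1.3MP", date(2017, 8, 21), True, False),
    ("192.0.2.13", "EXAMPLE-CAM-1", date(2016, 5, 2), True, False),
]]

if __name__ == "__main__":
    print("potentially at risk:", triage(INVENTORY))
    print("upgrade confirmed:", upgrade_confirmed(
        "V2.420.0009.0.R.20151106", "V2.620.0000002.0.R.170830"))
```

An unchanged version string after the reboot makes `upgrade_confirmed` return False, which is the case to follow up on before treating the camera as patched.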