System Security Vulnerability Was Found In Some Dahua Devices

Date:17/03/2017

Security Notification – System security vulnerability was found in some Dahua devices
Notification ID: DHCC-201703-01
First Published: March 17, 2017

CVE ID:
Not listed in CVE

Summary:
A system security vulnerability was found in some Dahua products. This vulnerability could be exploited to attack products online that are using port forwarding (open access to the internet).
Some products can be accessed remotely using the 888888 (local only) account that is not intended for remote access.
Some products could also be vulnerable to a script that can read existing passwords and allow access to on line devices even if there default passwords are changed.  

Impact:
Vulnerable devices can be have their settings changed remotely, including camera brightness, contrast and channel name.
In some cases the channel name is changed to “HACKED” or “FIRMWARE”
In some cases the network settings are also changed to prevent remote access.

Affected Devices:

IP NVR's HDCVI DVR's
NVR104-P HCVR5104C-S2
NVR1104H-P HCVR5104C-S3
NVR1104-P HCVR5104H-S2-1T
NVR4104H-P HCVR5104HS-S3-1T
NVR4104HS-P-4KS2 HCVR5108C-S2
NVR4208-8P HCVR5108C-S3
NVR4208-8P-4K HCVR5108H-S2
NVR4208-8P-4KS2 HCVR5108HS-S3
NVR4216-8P HCVR5216A-S2
NVR4416-16P HCVR5216A-S3
NVR4416-16P-4K HCVR5416L-V2
NVR4416-16P HCVR5832S-S2
NVR4832 HCVR7204A-S2
NVR4832-4KS2 HCVR7204A-V2
NVR5864-4KS2 HCVR7208A-S3
NVR6000 HCVR7208A-V2
NVR608-32-4K HCVR7416L
NVR608-32-4KS2 HCVR7816S
NVR616-128-4KS2  
NVR724-256  
NVR7832  
NVR7864  

 

HDCVI XVR's NEXUS NVR's
XVR5104C IP-NVR04P
XVR5104HS IP-NVR08P
XVR5108C IP-NVR16P
XVR5108HS IP-NVR32
XVR5216A IP-NVR64
  IP-NVR128

Check if your device is at risk:

Your unit MAY be vulnerable if; 

1. You purchased your device from COP Security before 1st April 2017

AND

2. Your device is connected to the internet

Please Note: Devices purchased from COP Security after 1st April 2017 have the latest firmware already installed (that addresses this vulnerability) and any units not connected to the internet are not vulnerable, but we strongly recommend following our Best Practice Information section, to ensure maximum security for your networked device.

Please also Note: If your device was purchased before April 2017 it may already have the latest firmware that addresses this vulnerability, please check the version number of the firmware in your device against the list of the latest version on our update firmware page.

If your device is vulnerable

We recommend upgrading your device to the latest firmware.

If your device has been compromised

Follow the link below to secure your device.