Research shows that a vulnerability in Dahua’s Open Network Video Interface Forum or ONVIF standard implementation can allow attackers to take over the tech brand’s IP cameras.
With a CVSS score of 7.4, the vulnerability tracked as CVE-2022-30563 could be exploited to compromise companies’ network cameras by reusing an unencrypted ONVIF interaction and replaying its credentials to a new request within the camera.
Three Dahua products, including Dahua ASI7XXX, Dahua IPC-HDBW2XXX, and Dahua IPC-HX2XXX, with specific versions susceptible to the flaws, have been addressed with a patch that was released last June 28.
The ONVIF standard implementation oversees the communication between all IP-based physical security tools, including surveillance cameras and access control systems.
As identified, the flaw was found inside the ‘WS-UsernameToken’ authentication mechanism employed in specific IP cameras of Dahua that aided hackers in compromising them through replaying credentials.
Suppose the attackers had successfully abused the flaw on the affected Dahua IP cameras. In that case, they could stealthily create an admin account to obtain escalated access privileges to the devices, such as to watch live feeds from video surveillance.
According to analysts, hackers only needed to acquire one unencrypted and authenticated ONVIF request to send a malicious request using the same authentication data to deceive the device into establishing a new admin account.
The same security vulnerabilities were found in other tech brands like Axis, Reolink, ThroughTek, and Anneke. Experts believe that the risks posed by the flaws in security and IP cameras could threaten the safety of critical infrastructure facilities.
Many state-backed hackers could exploit the flaws if they found them, especially since it could be helpful for them to spy on targeted companies and gather intelligence. The security analysts added that obtaining a hidden view of the target’s environment could further aid attackers in surveying before initiating a cyberattack.
Thus, critical facilities with installed IP cameras affected by the vulnerability must conduct a patch implementation measure to prevent potential exploitation from hackers.
