nightrider

Dahua potential security issues


Hello!

I was kinda surprised when I discovered some serious security issues regarding allegedly all Dahua devices.

1) The administrative service which is public and required for access through web, *PSS, and the mobile client, requires no authentication nor authorization of any sort. Anybody could potentially retrieve or change various sensitive info.

2) The telnet root access with publicly known static password.

3) The publicly known date-based password generation algorithm for the admin and probably other accounts too.

4) Most services' credentials are stored and transferred as clear text.

5) UPnP requests from untrusted sources could be used to expose telnet or any other service of the device to the Internet.

These have been well known issues for over a year now and from what I've read, it seems that they haven't been fixed yet.

Do any of you know if the above issues are still present? Perhaps they are considered by Dahua as "features" and features never got fixed.

Thank you.


Dahua are messing everything up at the moment

Going back to their old ways like they did 8 years ago.

Last few days all apps are being updated

If you paid for their app ........ That goes when updated and replaced by IDMSS which is free

The new updated IDMSS ....... Slow and image quality is poor

Now has P2P which is insecure ........ this now makes Dahua not a pro commercial system


Clearly the general idea behind the fairly new P2P service is convenience. But I am afraid that the design of it may contain the same security flaws.


2) It seems they've changed the password in the newer devices.

3) The algorithm is changed too. Perhaps they've changed only the static four numbers group and I guess it won't take too much time for someone to guess the new one.


Seems to go in fits and starts with them to be honest. I spend most of the day smacking my head into the wall now.
