CVE-2017-3223
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow
Descriptions
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.
SSVC
- Decision: -
Timeline
- 2016-12-05 CVE Reserved
- 2018-07-24 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-121: Stack-based Buffer Overflow
References (2)
URL | Tag | Source
---|---|---
http://www.securityfocus.com/bid/99620 | Third Party Advisory |
https://www.kb.cert.org/vuls/id/547255 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Dahuasecurity | Ip Camera Firmware | < dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin | - | Affected
in Dahuasecurity | Ip Camera | - | - | Safe
Dahuasecurity | Ip Camera Firmware | < 2.400.0000.14.r.20170713 | - | Affected
in Dahuasecurity | Ip Camera | - | - | Safe