Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow
CVE-2017-3223

9.8CRITICAL

Key Information:

Vendor: Dahua
Status: Ip Camera
Vendor: CVE Published:; 24 July 2018

What is CVE-2017-3223?

Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.

Affected Version(s)

IP Camera DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621

References

https://www.kb.cert.org/vuls/id/547255

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/bid/99620

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2018
Vulnerability Reserved
Dec 5, 2016

Credit

Thanks to Ilya Smith of Positive Technologies for reporting this vulnerability.