Flaw discovered in Dahua IP cameras can allow attackers to take full control of devices
On Friday, researchers found a new vulnerability in Dahua’s implementation of the Open Network Video Interface Forum (ONVIF) standard that can let attackers take full control of the devices.
Tracked as CVE-2022-30563 (CVSS score: 7.4), the “vulnerability could be abused by attackers to compromise network cameras by sniffing a previous unencrypted ONVIF interaction and replaying the credentials in a new request towards the camera,” Nozomi Networks said in a report on Thursday.
The issue, which was addressed in a patch released on June 28, 2022, affects the following products:
- Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620
- Dahua IPC-HDBW2XXX: Versions prior to v2.820.0000000.48.R.220614
- Dahua IPC-HX2XXX: Versions prior to v2.820.0000000.48.R.220614
ONVIF governs the development and use of an open standard for how IP-based physical security products such as video surveillance cameras and access control systems can communicate with one another in a vendor-agnostic manner.
The bug identified by Nozomi Networks resides in the “WS-UsernameToken” authentication mechanism implemented in certain IP cameras developed by Chinese firm Dahua, and lets attackers compromise the cameras by replaying the credentials.
To succeed, the attacker only needs to capture one unencrypted ONVIF request authenticated with the WS-UsernameToken schema. That request's authentication data is then reused in a forged request that tricks the device into creating an admin account.