The US Cybersecurity and Infrastructure Security Agency (CISA) has warned about two critical vulnerabilities affecting Dahua IP cameras and related products.
The two vulnerabilities were discovered in 2021. However, CISA has now added them to its catalog “based on evidence of active exploitation.”
Dahua is a major security camera vendor in the global market. However, the US government previously banned the import and sale of certain video surveillance products from Chinese vendors.
CISA said that Dahua IP cameras and related products contain authentication bypass vulnerabilities. Attackers can bypass device identity authentication by constructing malicious data packets.
CISA gave federal agencies until September 11th to “apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.”
According to the manufacturer’s website, the patched software is available and can be upgraded via the cloud, downloaded from the official website, or obtained by contacting technical support personnel.
In November 2022, the US Federal Communications Commission banned authorizations for Chinese telecommunications and video surveillance equipment, saying that Huawei, ZTE, Hytera, Hikvision, and Dahua are “deemed to pose a threat to national security.”
In the UK, the surveillance watchdog previously issued a warning over Chinese cameras.
CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of highlighted vulnerabilities.
Cybernews previously discovered many exposed cameras in the US that could be accessed by any outsider, some in real time.