ID

VAR-201807-0267


CVE

CVE-2017-3223


TITLE

Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow

Trust: 0.8

sources: CERT/CC: VU#547255

DESCRIPTION

Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.

Processing a crafted POST request sent by a remote third party can cause a stack-based buffer overflow. The problem was first identified in firmware DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803. By having the product process a crafted POST request, a remote third party may cause a denial of service (DoS) or execute arbitrary code on the product.

Dahua IP Camera is a webcam from Dahua, China. Dahua IP Camera has a stack buffer overflow vulnerability. An attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service in the context of an affected application. Failed exploit attempts will likely cause a denial-of-service condition.

Trust: 3.15

sources: NVD: CVE-2017-3223 // CERT/CC: VU#547255 // JVNDB: JVNDB-2017-005172 // CNVD: CNVD-2017-27850 // BID: 99620

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-27850

AFFECTED PRODUCTS

vendor: dahuasecurity, model: ip camera, scope: lt, version: 2.400.0000.14.r.20170713

Trust: 1.0

vendor: dahuasecurity, model: ip camera, scope: lt, version: dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin

Trust: 1.0

vendor: dahua security, model: -, scope: -, version: -

Trust: 0.8

vendor: dahua, model: ip camera, scope: -, version: -

Trust: 0.8

vendor: dahua, model: security dahua ip camera 2.400.0000.14.r.2017, scope: -, version: -

Trust: 0.6

vendor: dahua, model: security ip camera 2.400.0000.14.r.2017, scope: -, version: -

Trust: 0.3

vendor: dahua, model: security ip camera 2.400.0000.14.r.2017, scope: ne, version: -

Trust: 0.3

sources: CERT/CC: VU#547255 // CNVD: CNVD-2017-27850 // BID: 99620 // JVNDB: JVNDB-2017-005172 // NVD: CVE-2017-3223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3223
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-3223
value: HIGH

Trust: 0.8

IPA: JVNDB-2017-005172
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-27850
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201707-1180
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2017-3223
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2017-3223
severity: HIGH
baseScore: 10.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-005172
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-27850
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-3223
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-005172
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CERT/CC: VU#547255 // CNVD: CNVD-2017-27850 // JVNDB: JVNDB-2017-005172 // CNNVD: CNNVD-201707-1180 // NVD: CVE-2017-3223

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.8

problemtype:CWE-119

Trust: 1.0

sources: JVNDB: JVNDB-2017-005172 // NVD: CVE-2017-3223

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1180

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201707-1180

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005172

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#547255

PATCH

title: Download Center Firmware IPC, url: http://www.dahuasecurity.com/firmware_161.html

Trust: 0.8

title: DahuaIPcamera Stack Buffer Overflow Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/102594

Trust: 0.6

title: Dahua IP camera Buffer error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72025

Trust: 0.6

sources: CNVD: CNVD-2017-27850 // JVNDB: JVNDB-2017-005172 // CNNVD: CNNVD-201707-1180

EXTERNAL IDS

db: CERT/CC, id: VU#547255

Trust: 4.1

db: NVD, id: CVE-2017-3223

Trust: 3.3

db: BID, id: 99620

Trust: 2.5

db: JVN, id: JVNVU97102517

Trust: 0.8

db: JVNDB, id: JVNDB-2017-005172

Trust: 0.8

db: CNVD, id: CNVD-2017-27850

Trust: 0.6

db: CNNVD, id: CNNVD-201707-1180

Trust: 0.6

sources: CERT/CC: VU#547255 // CNVD: CNVD-2017-27850 // BID: 99620 // JVNDB: JVNDB-2017-005172 // CNNVD: CNNVD-201707-1180 // NVD: CVE-2017-3223

REFERENCES

url:https://www.kb.cert.org/vuls/id/547255

Trust: 3.3

url:http://www.dahuasecurity.com/firmware_161.html

Trust: 1.9

url:http://www.securityfocus.com/bid/99620

Trust: 1.6

url:http://cwe.mitre.org/data/definitions/121.html

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3223

Trust: 0.8

url:http://jvn.jp/vu/jvnvu97102517/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3223

Trust: 0.8

url:http://www.dahuasecurity.com/

Trust: 0.3

sources: CERT/CC: VU#547255 // CNVD: CNVD-2017-27850 // BID: 99620 // JVNDB: JVNDB-2017-005172 // CNNVD: CNNVD-201707-1180 // NVD: CVE-2017-3223

CREDITS

Ilya Smith and Yury Maryshev.

Trust: 0.9

sources: BID: 99620 // CNNVD: CNNVD-201707-1180

SOURCES

db: CERT/CC, id: VU#547255
db: CNVD, id: CNVD-2017-27850
db: BID, id: 99620
db: JVNDB, id: JVNDB-2017-005172
db: CNNVD, id: CNNVD-201707-1180
db: NVD, id: CVE-2017-3223

LAST UPDATE DATE

2024-09-09T23:11:40.060000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#547255, date: 2017-07-26T00:00:00
db: CNVD, id: CNVD-2017-27850, date: 2019-05-17T00:00:00
db: BID, id: 99620, date: 2017-07-18T00:00:00
db: JVNDB, id: JVNDB-2017-005172, date: 2019-07-24T00:00:00
db: CNNVD, id: CNNVD-201707-1180, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-3223, date: 2019-10-09T23:27:24.947

SOURCES RELEASE DATE

db: CERT/CC, id: VU#547255, date: 2017-07-18T00:00:00
db: CNVD, id: CNVD-2017-27850, date: 2017-09-21T00:00:00
db: BID, id: 99620, date: 2017-07-18T00:00:00
db: JVNDB, id: JVNDB-2017-005172, date: 2017-07-20T00:00:00
db: CNNVD, id: CNNVD-201707-1180, date: 2017-07-28T00:00:00
db: NVD, id: CVE-2017-3223, date: 2018-07-24T15:29:00.843