Dahua is a provider of IP camera systems that recently discovered a security vulnerability. This vulnerability, also being tracked as CVE-2022-30563 (CVSS score: 7.4), allows attackers complete control of the IP cameras and system, possibly accessing a previous unencrypted ONVF interaction.
This issue has been patched within the latest update, which was released on 28th June 2022 but affects only;
- Dahua ASI7XXX: Versions prior to v1.000.0000009.0.R.220620
- Dahua IPC-HDBW2XXX: Versions prior to v2.820.0000000.48.R.220614
- Dahua IPC-HX2XXX: Versions prior to v2.820.0000000.48.R.220614
ONVIF governs the development and use of an open standard for how IP-based physical security products such as video surveillance cameras and access control systems can communicate with one another in a vendor-agnostic manner.
It is crucial to ensure all area of your digital economy is counted for and updated regularly. It is easy to forget about what assets you have; therefore, ensuring you have an up-to-date asset list is essential.