CVE-2017-3223 Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow

🗓️ 24 Jul 2018 15:00:00Reported by certccType

Dahua IP camera firmware vulnerabilit

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the web interface of the Sonia (/user/bin/sonia) application, a micro-programmed software for Dahua IP cameras, allows a intruder to trigger a service failure or execute arbitrary code.	21 Feb 201800:00	–	bdu_fstec
CVE	CVE-2017-3223	24 Jul 201815:00	–	cve
EUVD	EUVD-2017-12344	24 Jul 201815:00	–	euvd
NVD	CVE-2017-3223	24 Jul 201815:29	–	nvd
Prion	Stack overflow	24 Jul 201815:29	–	prion
Positive Technologies	PT-2017-54: Buffer Overflow in Dahua IP cameras	20 Feb 201700:00	–	ptsecurity
Tenable Nessus	Dahua Security Cameras Stack-based Buffer Overflow (CVE-2017-3223)	29 Jul 202400:00	–	nessus
CERT	Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow	18 Jul 201700:00	–	cert

[
  {
    "product": "IP Camera",
    "vendor": "Dahua",
    "versions": [
      {
        "lessThan": "DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621",
        "status": "affected",
        "version": "DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kb	www.kb.cert.org/vuls/id/547255
securityfocus	www.securityfocus.com/bid/99620

25 Jul 2018 09:57Current

10High risk

Vulners AI Score10

EPSS0.10782

CWE-121

dahua ip camera firmware vulnerability sonia web interface stack buffer overflow stack buffer remote code execution memory operations crafted post request unauthenticated attacker out-of-bounds memory