Bashis

Name of the Vulnerable Software and Affected Versions Dahua IP Camera firmware versions prior to 2.820.0000000.5.r.210705 Description An identity authentication bypass issue exists in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. This issue is actively exploited. Recommendations Update the Dahua IP Camera firmware to version 2.820.0000000.5.r.210705 or later.

**Name of the Vulnerable Software and Affected Versions** Dahua IP Camera firmware versions <2.820.0000000.5.r.210705 **Description** The issue is related to an identity authentication bypass during the login process. Attackers can construct malicious data packets to bypass device identity authentication. **Recommendations** For Dahua IP Camera firmware versions <2.820.0000000.5.r.210705, update to a version equal to or later than 2.820.0000000.5.r.210705 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business 220 Series Smart Switches versions prior to 1.1.4.4 **Description** A vulnerability in the web management interface could allow an unauthenticated, remote attacker to upload arbitrary files due to incomplete authorization checks. An attacker could exploit this by sending a malicious request to certain parts of the web management interface, potentially via HTTP or HTTPS, depending on the switch's configuration. A successful exploit could allow the attacker to modify the device's configuration or inject a reverse shell. **Recommendations** For versions prior to 1.1.4.4, update the firmware to version 1.1.4.4 or later to resolve the issue. As a temporary workaround, consider disabling the web management interface until a patch is available. Restrict access to the web management interface to minimize the risk of exploitation. Avoid using the web management interface via HTTP or HTTPS until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Dahua DH-IPC-HDBW23A0RN-ZS Dahua DH-IPC-HDBW13A0SN Dahua DH-IPC-HDW1XXX Dahua DH-IPC-HDW2XXX Dahua DH-IPC-HDW4XXX Dahua DH-IPC-HFW1XXX Dahua DH-IPC-HFW2XXX Dahua DH-IPC-HFW4XXX Dahua DH-SD6CXX Dahua DH-NVR1XXX Dahua DH-HCVR4XXX Dahua DH-HCVR5XXX Dahua DHI-HCVR51A04HE-S3 Dahua DHI-HCVR51A08HE-S3 Dahua DHI-HCVR58A32S-S2 **Description** A password in configuration file issue was discovered, which could allow a malicious user to assume the identity of a privileged user and gain access to sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.