PT-2017-17613 · Dahua · Dahua Ip Camera

Published: 2017-03-30 · Updated: 2019-10-03 · CVE-2017-7253

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Dahua IP Camera devices version 3.200.0001.6

Description

The issue allows an attacker to use default low-privilege credentials to list all users on a Dahua IP Camera device via a request to a certain URI, and then log in with admin credentials to obtain full control of the target IP camera. During exploitation, JSON objects are encountered, including a "Component error: login challenge!" message and a result indicating a successful admin login.

Recommendations

For Dahua IP Camera devices version 3.200.0001.6, update the device to a version that is not affected by this issue, or change the default low-privilege credentials and the admin credentials to prevent unauthorized access. As a temporary workaround, consider restricting access to the URI used in the exploitation steps.

Exploit

Fix

Insecure Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2017-7253

Affected Products

Dahua Ip Camera