How severe is CVE-2017-3223?

CVE-2017-3223 is classified as critical with a severity value of 9.8.

How can I fix CVE-2017-3223?

To fix CVE-2017-3223, you should update the firmware of your Dahua IP camera products to at least V2.400.0000.14.R.20170713.

Vulnerability/
CVE-2017-3223

critical

9.8

CWE

119 121

24/7/2018

5/8/2024

CVE-2017-3223: Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow

Q: What is CVE-2017-3223?

CVE-2017-3223 is a vulnerability found in Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 that may be vulnerable to a stack buffer overflow.

Q: Are all Dahua IP cameras vulnerable to CVE-2017-3223?

No, only Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 are vulnerable to CVE-2017-3223.

First published: Tue Jul 24 2018(Updated: )

Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Dahuasecurity Ip Camera Firmware	<dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin
Dahuasecurity Ip Camera
Dahuasecurity Ip Camera Firmware	<2.400.0000.14.r.20170713

Remedy

Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-3223?
CVE-2017-3223 is a vulnerability found in Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 that may be vulnerable to a stack buffer overflow.
How severe is CVE-2017-3223?
CVE-2017-3223 is classified as critical with a severity value of 9.8.
Which software is affected by CVE-2017-3223?
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 are affected by CVE-2017-3223.
How can I fix CVE-2017-3223?
To fix CVE-2017-3223, you should update the firmware of your Dahua IP camera products to at least V2.400.0000.14.R.20170713.
Are all Dahua IP cameras vulnerable to CVE-2017-3223?
No, only Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 are vulnerable to CVE-2017-3223.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/author
agent/tags
agent/severity
agent/weakness
agent/title
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
vendor/dahuasecurity
canonical/dahuasecurity ip camera firmware
canonical/dahuasecurity ip camera

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.