Critical vulnerabilities threaten US national security.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two critical vulnerabilities affecting Dahua IP cameras and related products. The problem was discovered back in 2021. However, since researchers have recently proven that attackers continue to exploit these bugs, they have been added to the Active Threat Directory.
The vulnerabilities, which received the identifiers CVE-2021-33045 and CVE-2021-33044, allow you to deceive device authentication. With their help, hackers can create malicious data packets to bypass the authorization process. Both threats received a CVSS score of 9.8.
CISA ordered federal agencies to either apply measures to eliminate vulnerabilities by September 11, 2024, following the instructions of the developers, or stop using the product altogether. According to the information on the manufacturer's website, the software update is already available: it can be installed via the cloud, downloaded from the official website or contact technical support specialists.
Dahua is a major manufacturer of security cameras in the global market. However, in November 2022, the U.S. Federal Communications Commission restricted the import and sale of Chinese telecommunications and video surveillance equipment, saying that products from Huawei, ZTE, Hytera, Hikvision, and Dahua "pose a threat to national security."
Source
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two critical vulnerabilities affecting Dahua IP cameras and related products. The problem was discovered back in 2021. However, since researchers have recently proven that attackers continue to exploit these bugs, they have been added to the Active Threat Directory.
The vulnerabilities, which received the identifiers CVE-2021-33045 and CVE-2021-33044, allow you to deceive device authentication. With their help, hackers can create malicious data packets to bypass the authorization process. Both threats received a CVSS score of 9.8.
CISA ordered federal agencies to either apply measures to eliminate vulnerabilities by September 11, 2024, following the instructions of the developers, or stop using the product altogether. According to the information on the manufacturer's website, the software update is already available: it can be installed via the cloud, downloaded from the official website or contact technical support specialists.
Dahua is a major manufacturer of security cameras in the global market. However, in November 2022, the U.S. Federal Communications Commission restricted the import and sale of Chinese telecommunications and video surveillance equipment, saying that products from Huawei, ZTE, Hytera, Hikvision, and Dahua "pose a threat to national security."
Source
