CVE-2017-3223 : Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170

Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.

Published 2018-07-24 15:29:01

Updated 2019-10-09 23:27:25

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2017-3223

Dahuasecurity » Ip Camera Firmware
Versions before (<) dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin
cpe:2.3:o:dahuasecurity:ip_camera_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dahuasecurity » Ip Camera » Version: N/A
Dahuasecurity » Ip Camera Firmware
Versions before (<) 2.400.0000.14.r.20170713
cpe:2.3:o:dahuasecurity:ip_camera_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Dahuasecurity » Ip Camera » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-3223

EPSS FAQ

6.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-3223

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-3223

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Assigned by: cret@cert.org (Secondary)

References for CVE-2017-3223

https://www.kb.cert.org/vuls/id/547255

VU#547255 - Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow
Third Party Advisory;US Government Resource
http://www.securityfocus.com/bid/99620

Dahua IP camera CVE-2017-3223 Stack Buffer Overflow Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-3223

Products affected by CVE-2017-3223

Exploit prediction scoring system (EPSS) score for CVE-2017-3223

CVSS scores for CVE-2017-3223

CWE ids for CVE-2017-3223

References for CVE-2017-3223