Vulnerability Details : CVE-2017-3223
Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2017-3223
Probability of exploitation activity in the next 30 days: 1.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~83%
CVSS scores for CVE-2017-3223
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2017-3223
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Assigned by: cret@cert.org (Secondary)
References for CVE-2017-3223
- https://www.kb.cert.org/vuls/id/547255
  VU#547255 - Dahua IP cameras Sonia web interface is vulnerable to stack buffer overflow (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/99620
  Dahua IP camera CVE-2017-3223 Stack Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
Products affected by CVE-2017-3223
- Dahuasecurity » Ip Camera Firmware, versions before (<) dh_ipc-ack-themis_eng_p_v2.400.0000.14.r.20170713.bin
  cpe:2.3:o:dahuasecurity:ip_camera_firmware:*:*:*:*:*:*:*:*