InfoSecBulletin Cybersecurity for mankind
CISA warned about two important vulnerabilities in Dahua IP cameras and related products. Though these vulnerabilities were discovered in 2021, CISA has now added them to its catalog “based on evidence of active exploitation.”
CISA stated that Dahua IP cameras and related products have authentication bypass vulnerabilities. Attackers can bypass device identity authentication by creating harmful data packets.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CISA gave federal agencies until September 11th to “apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.”
According to the manufacturer’s website, the updated software is currently accessible through various methods.
In November 2022, the US Federal Communications Commission banned authorizations for Chinese telecommunications and video surveillance equipment, saying that Huawei, ZTE, Hytera, Hikvision, and Dahua are “deemed to pose a threat to national security.”
Previously, the UK surveillance watchdog warned about Chinese cameras. CISA advises organizations to reduce the risk of cyberattacks by promptly addressing identified vulnerabilities. Cybernews found lots of unprotected cameras in the US that anyone could access, including some in real-time.
Dahua is a well known camera company. However the US government banned some of their products from being sold in the US.
