Dahua Security

Notified:  July 09, 2013 Updated: December 04, 2013



Vendor Statement

Five separate attempts to contact Dahua were made, but the vendor failed to respond. After publishing, Dahua disputes CVE-2013-3612, CVE-2013-3613, and CVE-2013-3614. Specifically, Dahua states that the telnet port cannot be mapped via UPnP. Dahua also states that the six character password requirement cannot be brute forced due to an account lockout mechanism after three unsuccessful login attempts. Lastly, Dahua states that the master password in CVE-2013-3612 can only be used by a local user.

Vendor References