Security News > 2021 > October > Unpatched Dahua cams vulnerable to unauthenticated remote access
Unpatched Dahua cameras are prone to two authentication bypass vulnerabilities, and a proof of concept exploit that came out today makes the case of upgrading pressing.
This comes a month after Dahua's security advisory which urged owners of vulnerable models to upgrade their firmware, but considering how neglected these devices are following their initial installation and set up, it's likely that many of them are still running an old and vulnerable version.
The list of the affected models is extensive and covers many of Dahua cameras, even some thermal ones.
As a recent report from The Intercept details, many cameras sold in the U.S. under American or Canadian branding are using Dahua hardware and even software.
Apart from upgrading your Dahua camera to the latest available firmware version for your model, you should also change the password it came with out of the box with something unique and strong.
The discovery of the two flaws came on June 13, 2021, so some Dahua cameras remained vulnerable to unauthenticated access for at least 2.5 months, even for owners who applied the firmware update as soon as it came out.