Responsible Disclosure Timeline.
- 2016-10-10: Sent to both the Australian Importer and Dahua, everything mentioned here plus more. The Importer was also called to discuss the issues.
- 2016-10-17 (approx): Followed up verbally with the importer a couple weeks later (phone).
- 2016-11-14: Contacted both the Importer and Dahua for an update.
- Apart from when I rang the Importer directly, no one has responded.
- 2017-02-24: Public Disclosure.
- 2017-02-26: CVE’s Assigned
- 2017-03-02: Sent all CVE’s (plus CVE-2017-6432) to Dahua
- 2017-03-08: Dahua Responded stating all three CVE identified here will be resolved in July 2017.
- 2017-03-11: Content redacted by request from Dahua until all issues are resolved