Introduction

Responsible Disclosure Timeline.  

  • 2016-10-10: Sent to both the Australian Importer and Dahua, everything mentioned here plus more. The Importer was also called to discuss the issues.
  • 2016-10-17 (approx): Followed up verbally with the importer a couple weeks later (phone).
  • 2016-11-14: Contacted both the Importer and Dahua for an update.
  • Apart from when I rang the Importer directly, no one has responded.
  • 2017-02-24: Public Disclosure.
  • 2017-02-26: CVE’s Assigned
  • 2017-03-02: Sent all CVE’s (plus CVE-2017-6432) to Dahua
  • 2017-03-08: Dahua Responded stating all three CVE identified here will be resolved in July 2017.  
  • 2017-03-11: Content redacted by request from Dahua until all issues are resolved

Relevant CVE’s

CVE-2017-6341
CVE-2017-6342
CVE-2017-6343