Dahua ASI7213X-T1 (Update A)

MonitorCVSS 7.6ICS-CERT ICSA-22-193-01Jul 12, 2022

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Multiple vulnerabilities in Dahua cameras (ASI7XXX, IPC-HDBW2XXX, IPC-HX2XXX) allow unauthorized file uploads and cause denial-of-service. The vulnerabilities stem from improper input validation (CWE-434), missing authentication checks (CWE-294), and information disclosure (CWE-209). Successful exploitation allows an attacker to upload and execute malicious code on the device, install backdoors, or crash the system, affecting surveillance monitoring and potentially exposing access paths to your facility. User interaction is required (victim must visit a malicious link or page), but the underlying device defenses are weak.

What this means

What could happen

An attacker could upload malicious files to these cameras or devices, potentially installing backdoors or malware. This could also cause the devices to stop functioning, affecting your surveillance and monitoring infrastructure.

Who's at risk

Water utilities and municipal electric utilities with Dahua IP camera infrastructure, particularly surveillance systems monitoring critical infrastructure like treatment plants, substations, and pumping stations. This affects anyone using ASI7213X-T1 or related Dahua IPC camera models for security monitoring.

How it could be exploited

An attacker with network access to the device would exploit file upload vulnerabilities (CWE-434) and weak authentication (CWE-294) to send a malicious file to the camera. The attack requires user interaction (someone visiting a malicious link or being redirected), but once successful, the attacker gains code execution on the device.

Prerequisites

Network access to the camera or device on ports 80/443
User interaction required (clicking malicious link or visiting compromised page)
No valid credentials required for the initial exploit

Remotely exploitableLow complexity attackNo authentication required for exploitationAffects surveillance/physical security monitoringNo vendor patches currently available

Exploitability

Unlikely to be exploited — EPSS score 0.5%

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

Dahua ASI7XXX:< 1.000.0000009.0.R.220620No fix (EOL)

Dahua IPC-HDBW2XXX:< 2.820.0000000.48.R.220614No fix (EOL)

Dahua IPC-HX2XXX:< 2.820.0000000.48.R.220614No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGIsolate all Dahua ASI7XXX, IPC-HDBW2XXX, and IPC-HX2XXX devices from direct internet access; do not expose them to the WAN

HARDENINGPlace all camera/device networks behind a firewall and segment them from your business network and corporate IT systems

WORKAROUNDIf remote access to cameras is required, implement a VPN gateway rather than exposing devices directly; ensure the VPN server is updated to the latest version

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXMonitor for vendor firmware updates for ASI7XXX (1.000.0000009.0.R.220620 or later), IPC-HDBW2XXX, and IPC-HX2XXX (2.820.0000000.48.R.220614 or later) and apply when available

CVEs (4)

CVE-2022-30560 CVE-2022-30561 CVE-2022-30562 CVE-2022-30563

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/bfa88268-4410-4287-9f67-a6f9dad019bd

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.