Introduction After discovering the Exposures identified here I decided to try to inject a new user into the system by modifying packets in the TCP Stream Disclosure Timeline 2017-02-24: Vulnerability Discovered 2017-03-02: Proof of Concept Written 2017-03-02: Dahua Contacted with plan to disclose on March 9th unless they wished otherwise. 2017-03-07: Dahua Responded with timeline […]

Read more "Dahua NVR – Auth Bypass – CVE-2017-6432"