Dahua EIMS Remote Command Execution Vulnerability

A command injection vulnerability has been identified in Dahua EIMS versions prior to 2240008. This vulnerability allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The issue arises from inadequate input validation in the captureCommand parameter, which is processed without proper sanitization or authentication. By sending crafted HTTP requests, attackers can inject operating system-level commands that are executed on the server, potentially leading to a complete system compromise.

Impact

Exploitation of this vulnerability allows for unauthorized remote command execution on the affected server, leading to full system compromise.

Reproduction

The vulnerability can be reproduced by sending a GET request to the system_setPassWordValidate.action endpoint, including the capture_handle.action parameter. The captureCommand parameter can be used to inject OS commands, which will be executed on the server. This can be done using a crafted HTTP request that exploits the lack of input validation and authentication.

Remediation

Users are advised to update to Dahua EIMS version 2240008 or later, where this vulnerability has been fixed.