Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Port Bounce Scan (MITM)
Description: The malware listens on TCP port 5554 and accepts any
credentials. Third-party intruders who successfully logon can abuse the
backdoor FTP server as a man-in-the-middle…
Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Port Bounce Scan (MITM)
Description: The malware listens on TCP port 5554 and accepts any
credentials. Third-party intruders who successfully logon can abuse the
backdoor FTP server as a man-in-the-middle…
Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5555. Third-party attackers
who can reach the system can run commands made available by the backdoor
hijacking the…
Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 5555. Third-party attackers
who can reach the system can run commands made available by the backdoor
hijacking the…
Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP port 5554. Third-party
attackers who can reach infected systems can logon using any
username/password combination. Intruders may then…
Threat: Backdoor.Win32.FTP.Ics
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP port 5554. Third-party
attackers who can reach infected systems can logon using any
username/password combination. Intruders may then…
Threat: Backdoor.Win32.Acropolis.10
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions under c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…
Threat: Backdoor.Win32.Acropolis.10
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions under c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the…
I have actually contacted Dahua PSIRT team and they confirmed the
vulnerability exists few days ago but then since this product is not in
that scope on requesting CVE and therefore I am going to disclose the
details here:
Vulnerable Software and Version:
ToolBox-V1.010.0000000.0 (versions prior to this are probably vulnerable
but just tested against V1.010.0000000.0)
I have actually contacted Dahua PSIRT team and they confirmed the
vulnerability exists few days ago but then since this product is not in
that scope on requesting CVE and therefore I am going to disclose the
details here:
Vulnerable Software and Version:
ToolBox-V1.010.0000000.0 (versions prior to this are probably vulnerable
but just tested against V1.010.0000000.0)