Dahua Intelligent IoT Integrated Management Platform Remote Code Execution (RCE) Scanner

Detects 'Remote Code Execution (RCE)' vulnerability in Dahua Intelligent IoT Integrated Management Platform.

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 1 hour
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The Dahua Intelligent IoT Integrated Management Platform is utilized by organizations for managing IoT devices within their network. This platform enables centralized control and monitoring of networked devices, improving operational efficiency. It is widely deployed in smart buildings, industrial environments, and other IoT-intensive infrastructures. The platform's primary function is to ensure seamless integration and interaction among various IoT devices. Administrators use it to perform actions such as configuration, monitoring, and maintenance of connected devices. The platform's purpose is to enhance connectivity and streamline IoT operations for better resource management.

The vulnerability in question is a Remote Code Execution (RCE) risk in the Dahua platform's 'GetClassValue.jsp' component. RCE vulnerabilities allow attackers to run arbitrary code on a remote server, bypassing security controls. This particular vulnerability arises when the system improperly handles requests that interact with sensitive methods. Exploiting such a vulnerability can give attackers remote control over the affected system. It is a critical flaw as it can compromise the entire system hosting the platform. Organizations are urged to address this issue promptly due to its severe impact potential.

The vulnerability resides in the way the platform handles requests to the GetClassValue.jsp endpoint. Attackers can exploit this by sending specially crafted requests to execute arbitrary commands. The vulnerable input is related to the className and methodName values used in the payload. These requests may allow an attacker to bypass authentication and gain unauthorized access to system processes. Successful exploitation yields output related to the system's user ID and group ID, indicating command execution. Patching the flawed endpoints requires immediate attention.
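For defenders reviewing web server logs, the following added example (not Dahua's or the scanner's own code) flags requests to the GetClassValue.jsp component described above. It assumes access logs in Combined Log Format; the sample lines, paths and addresses are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Combined Log Format: client - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
ENDPOINT = "getclassvalue.jsp"          # component named on the page
PARAMS = {"classname", "methodname"}    # parameter names named on the page

def classify(line):
    """Return a finding dict for a request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # Decode %xx escapes and drop ";jsessionid=..." path parameters,
    # then compare only the final path segment, case-insensitively.
    last = unquote(parts.path).rsplit("/", 1)[-1].split(";", 1)[0].lower()
    if last != ENDPOINT:
        return None
    seen = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    hit = sorted(seen & PARAMS)
    # Request bodies are not in access logs, so a payload carried in the body
    # shows up only as a bare hit on the endpoint: still worth reviewing.
    level = "high" if hit else "review"
    return {"ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]), "params": hit, "level": level}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (placeholder paths and documentation-range IPs).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] '
    '"POST /example/path/GetClassValue.jsp HTTP/1.1" 200 57 "-" "-"',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /example/path/'
    'getclassvalue.JSP;jsessionid=abc?className=x&methodName=y HTTP/1.1" 200 40',
    '203.0.113.9 - - [01/Jan/2025:10:01:00 +0000] '
    '"GET /index.jsp?page=GetClassValue.jsp HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:02:00 +0000] '
    '"GET /example/path/Get%43lassValue.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "review" finding with a 200 status on a host that has no legitimate caller for this component deserves the same follow-up as a "high" one.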

Exploitation of this vulnerability can lead to severe consequences, such as unauthorized system access and control. Attackers can leverage this access to execute malicious commands, leading to data breaches or system shutdowns. Furthermore, compromised systems can be used to launch further attacks within the organization's network. It also poses a data integrity risk and could lead to the theft of sensitive information. If left uncorrected, the impact may extend to critical business operations and users. Organizations may face reputational damage and financial losses due to these security breaches.
