CVE-2024-13985
Dahua EIMS capture_handle.action RCE
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without sanitization or authentication. By sending crafted HTTP requests, attackers can inject OS-level commands that are executed on the server, leading to full system compromise. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-04-06 UTC.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Zhejiang Dahua Technology Co., Ltd. · EIMSpublic PoCs found — 3
cve_referenceblog.csdn.net/weixin_43567873/article/details/136636198unverifiedcve_referencecn-sec.com/archives/2554372.htmlunverifiedcve_referencegithub.com/ahisec/nuclei-tps/blob/main/http/vulnerabilities/dahua/dahua-eims-capture-handle-rce.yamlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://blog.csdn.net/weixin_43567873/article/details/136636198https://cn-sec.com/archives/2554372.htmlhttps://github.com/ahisec/nuclei-tps/blob/main/http/vulnerabilities/dahua/dahua-eims-capture-handle-rce.yamlhttps://pentest-tools.com/vulnerabilities-exploits/dahua-eims-remote-command-execution_23961https://s4e.io/tools/dahua-eims-remote-code-executionhttps://support.dahuatech.com/bulletin/info?IsDpValue=APKncD%2FBd6zIq4O2BUpuhjg6hGbLYAQKuf5hnmPaK9M%3Dhttps://www.cnvd.org.cn/flaw/show/CNVD-2024-17054https://www.vulncheck.com/advisories/dahua-eims-rce