Security Notification – Apache Struts2 S2-053 vulnerability found in some of Dahua DSS software

Date: 2017-09-11

Notification ID: DHCC-201709-01

First Published: September 11, 2017

Apache Struts 2 is one of the most widely used MVC frameworks for creating Java web applications. It is maintained and distributed by the Apache Software Foundation. A recently disclosed vulnerability in Apache Struts 2 affects some Dahua DSS software platforms:
● S2-053 (CVE ID: CVE-2017-12611, security rating: Moderate): A possible Remote Code Execution attack when using an unintentional expression in a Freemarker tag instead of string literals.
For more details on the Apache Struts 2 vulnerability, please check the official Struts 2 web site:

CVE ID: CVE-2017-12611
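
For teams that maintain their own Struts 2 Freemarker templates, the S2-053 condition described above (an expression in a Struts tag attribute where a string literal was intended) can be found by inspecting template source. The Python script below is an added example, not code from Dahua or the Apache Struts project; it assumes the Struts tags are imported under the conventional `s` prefix, and the sample template is constructed for illustration.

```python
import re

# Struts tags in a Freemarker template, e.g. <@s.hidden ... /> (assumes the "s" prefix)
TAG_RE = re.compile(r"<@s\.(\w+)\b([^>]*)>", re.S)
# attribute = "double quoted" | 'single quoted' | bare (unquoted) token
ATTR_RE = re.compile(r"""([\w.-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s"'/>]+)""")
# ${...} or legacy #{...} interpolation inside a quoted string
INTERP_RE = re.compile(r"[$#]\{")
# bare tokens that are harmless literals: booleans and numbers
LITERAL_RE = re.compile(r"^(true|false|-?\d+(\.\d+)?)$")

# Constructed sample template: lines 3 and 4 use expressions, line 5 uses literals.
SAMPLE = '''<#-- constructed sample template -->
<@s.form action="login">
  <@s.hidden name="redirectUri" value=redirectUri />
  <@s.hidden name="redirectUri" value="${redirectUri}" />
  <@s.textfield name="username" label="User" size=30 />
</@s.form>
'''

def find_expression_attributes(template_text):
    """Return (line, tag, attribute, reason) for every Struts tag attribute
    whose value Freemarker treats as an expression rather than a string literal."""
    findings = []
    for tag in TAG_RE.finditer(template_text):
        line = template_text.count("\n", 0, tag.start()) + 1
        for attr in ATTR_RE.finditer(tag.group(2)):
            name, raw = attr.group(1), attr.group(2)
            if raw[0] in "\"'":
                # Quoted value: only a problem if it contains an interpolation.
                if INTERP_RE.search(raw):
                    findings.append((line, tag.group(1), name, "interpolation in string"))
            elif not LITERAL_RE.match(raw):
                # Unquoted value that is not a number or boolean is an expression.
                findings.append((line, tag.group(1), name, "unquoted expression"))
    return findings

if __name__ == "__main__":
    for line, tag, attr, reason in find_expression_attributes(SAMPLE):
        print(f"line {line}: <@s.{tag}> attribute '{attr}': {reason}")
```

Each finding is a place to review whether the attribute can be set from request data; the script reads templates only and does not replace installing the fixed software.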

Affected Products:
Some of the DSS software that uses Apache Struts 2:
DH-DSS-B8000, DH-DSS-C8XXX, DH-DSS-P8500P8000P8010, DH-DSS-T81408100850088XX, DH-DSS-J8300, DH-DSS-U578XX

Fixed software release:
1) Fixed software can be obtained from Dahua technical support, or the relevant patch can be downloaded from the Apache Struts 2 web site.
2) Fixed software can also be obtained by contacting DHCC.

Support Resources
The Dahua technical team will contact customers to advise and support the upgrade process. For any questions or concerns related to cybersecurity, please contact Dahua at