Megvii Koala 2.9.1-c3s architectural vulnerability on network relays

  Severity: HIGH
  CVE Identifier: CVE-2020-17475


Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3sallows attackers to grant physical access to anyone by sending packet data to UDP port 5000 of any network relays connected to doors.

The vulnerability has been submitted to ZDI on March 20, 2020 as ZDI-CAN-10793.

The vendor has acknowledged and confirmed the vulnerability and said the production has reached end-of-line while a patch is available in newer products. We are not able to confirm the vendor's statement.The vendor has published a public advisory and asks the customers to upgrade the software when it is available.

Product lines impacted by similar vulnerability will have patches in August 2020.


Megvii Koala is a facial recognition system sold by Megvii. It is marketed towards factory, company concierge, apartment complex, etc. There are several hardware configurations, depending on the system integrator.

The weakness is in the architecture of the Megvii Koala system. The weakest link is the network relay, which has to be either HHT-NET2D or TCP-KP-I404. When an adversary has access to the internal network, one has only to send the string "on1" to UDP port 5000 of all the devices in the network to open all the doors.

The architecture, according to the instruction manual provided by the vendor, is like,

     ----------------------------     UDP 5000                COM/ON/OFF
    |  ---------         ------  | --------------> HHT-NET2D ------------> Door
    | | Backend | <---> | Edge | |
    |  ---------         ------  | <--- HTTP ----> Samsung Tablet
     ----------------------------    USB-C Cable

To our best knowledge, no firewall is recommended in user instruction manuals.

Vulnerability Type
CWE-862: Missing Authorization

Attack Type: Remote

Attack Vectors
To exploit vulnerability, attackers have to have access to LAN of the facial recognition access controller.

Deploy a firewall in front of network relays and allow UDP 5000 from Megvii edge server only.
Deny all other connections.

Roel Reyes, Joey Costoya, Philippe Lin, Vincenzo Ciancaglini, Morton Swimmer

Public advisory from the vendor: