Security researchers have uncovered two critical vulnerabilities in the firmware of popular Dahua smart cameras, which could allow attackers to remotely hijack devices if left unpatched.

According to a recent report by Bitdefender, the flaws reside in the ONVIF protocol handler and the file upload mechanism of certain Dahua models. These bugs could allow unauthenticated attackers to remotely execute arbitrary commands on affected devices—giving them complete control.

Vulnerabilities Overview

The issues are tracked as CVE-2025-31700 and CVE-2025-31701, both with CVSS scores of 8.1. They impact several Dahua camera lines with firmware built before April 16, 2025, including:

• IPC-1XXX Series
• IPC-2XXX Series
• IPC-WX Series
• IPC-ECXX Series
• SD3A, SD2A, SD3D, SDT2A, and SD2C Series

Users can confirm their firmware build date by logging into the device’s web interface and navigating to:
Settings → System Information → Version.

Technical Details

Both vulnerabilities are buffer overflow flaws that could be triggered by specially crafted network packets.

• CVE-2025-31700 involves a stack-based buffer overflow in the ONVIF request handler.
• CVE-2025-31701 is tied to an overflow in the RPC file upload component.

These weaknesses could lead to a denial of service (DoS) or potentially enable remote code execution (RCE) without requiring any user interaction.

Dahua has stated that some affected devices include security features such as Address Space Layout Randomization (ASLR), which may reduce the likelihood of RCE. However, the threat of DoS remains significant.

Real-World Risks

Given that Dahua cameras are widely used in retail stores, casinos, warehouses, and private homes, the impact of these vulnerabilities could be far-reaching. Bitdefender warns that devices exposed to the internet via port forwarding or UPnP are especially vulnerable.

If successfully exploited, attackers can gain root-level access, bypass firmware integrity checks, and even deploy persistent malware using unsigned payloads or custom daemons—making recovery particularly challenging.

Recommendations

• Update firmware immediately to the latest version provided by Dahua.
• Restrict access to the device via firewall rules and disable unnecessary internet exposure.
• Audit device logs and monitor for unusual activity.
• Consider isolating surveillance devices from the broader network using VLANs or dedicated subnets.

Stay proactive in securing IoT devices and surveillance systems—especially those with remote access capabilities. Even common tools like smart cameras can become high-risk entry points for sophisticated cyber threats.

Source: https://thehackernews.com/2025/07/critical-dahua-camera-flaws-enable.html