Security researchers have uncovered two high-severity vulnerabilities in Dahua smart cameras that could let attackers remotely hijack the devices without user interaction. These flaws, if left unpatched, can lead to full device takeover, enabling cybercriminals to access live feeds, disable surveillance, or install persistent malware.
The vulnerabilities CVE-2025-31700 and CVE-2025-31701 were discovered by cybersecurity experts at Bitdefender. They affect multiple models of Dahua IP cameras widely used in retail stores, casinos, warehouses, and even homes. Dahua, one of the world’s top manufacturers of video surveillance equipment, has already issued security patches to fix the issues.
The two flaws are classified as critical buffer overflow vulnerabilities with CVSS scores of 8.1, which means they can cause serious harm. Buffer overflows happen when an attacker sends more data to a program than it can handle, allowing the attacker to overwrite the memory and execute malicious code.
CVE-2025-31700 is a stack-based buffer overflow that affects the ONVIF protocol handler. ONVIF is a widely used protocol that allows IP-based security products to communicate.
CVE-2025-31701 is a similar buffer overflow vulnerability, but it resides in the RPC file upload handler.
These flaws can be exploited by unauthenticated users over a local network by sending specially crafted malicious packets. In some cases, if the camera is exposed to the internet (for example, via port forwarding or UPnP), attackers don’t even need to be on the same network to exploit it.
The flaws affect the following Dahua camera series with firmware build dates before April 16, 2025:
IPC-1XXX Series
IPC-2XXX Series
IPC-WX Series
IPC-ECXX Series
SD3A Series
SD2A Series
SD3D Series
SDT2A Series
SD2C Series
To check if your device is vulnerable, log in to its web interface and go to:
Settings → System Information → Version
Look at the Build Time and update the firmware if it was built before April 16, 2025.
According to Bitdefender, if an attacker successfully exploits these flaws:
They can gain root-level access to the camera.
They can bypass firmware integrity checks, which allows them to load unsigned, malicious software.
They can install custom daemons, making it extremely difficult to remove their presence.
They can disable the camera, causing denial of service.
They can potentially use the camera as a pivot point to launch attacks on other devices inside the network.
The attack requires no user interaction and can be carried out remotely if the camera is exposed to the internet.
Dahua has acknowledged the vulnerabilities and released a security advisory urging customers to update their firmware immediately. While some devices have protections like Address Space Layout Randomization (ASLR) to reduce the chances of a successful remote code execution (RCE), denial-of-service attacks are still a serious concern.
Here’s what you should do if you use Dahua smart cameras:
Check your firmware version. If the build time is before April 16, 2025, your device is at risk.
Download and install the latest firmware from Dahua’s official website or contact your service provider.
Avoid exposing your camera to the internet. Disable UPnP and avoid port forwarding unless necessary.
Use strong passwords and change default credentials.
Monitor network traffic for suspicious activity coming from or targeting your IP camera.
Dahua cameras are used across multiple industries including retail, logistics, hospitality, and residential security. A compromised camera doesn’t just mean a loss of privacy—it can become a launchpad for further attacks.
Bitdefender warned, “Devices exposed to the internet through port forwarding or UPnP are especially at risk. Successful exploitation provides root-level access to the camera with no user interaction.”
This makes these flaws particularly dangerous for organizations that use these devices as part of a larger physical or IT security infrastructure.
These critical vulnerabilities in Dahua IP cameras are a stark reminder that even physical security devices need regular cybersecurity maintenance. While Dahua has responded quickly with patches, the responsibility also lies with users and IT administrators to apply updates and secure their networks.
If left unpatched, these flaws can allow a hacker to completely take over a camera—spying, disabling, or spreading malware without ever being detected.
Interesting Article : PaperCut Exploited by Hackers Using Remote Code Execution, CISA
Pingback: Microsoft 365 Users Targeted by Fake OAuth Apps Using Tycoon Phishing Kit