Critical Vulnerabilities Found in Dahua Smart Camera Firmware

Cybersecurity researchers have uncovered critical security vulnerabilities in the firmware of Dahua smart cameras. These flaws, if not addressed, could allow attackers to take over the devices remotely. The vulnerabilities were disclosed in a report by Bitdefender, which highlighted that unauthenticated attackers could execute arbitrary commands through the camera’s firmware. The weaknesses sit in the firmware's ONVIF protocol handling and its file upload handlers.

The vulnerabilities are tracked as CVE-2025-31700 and CVE-2025-31701, both with a CVSS score of 8.1. They impact various Dahua camera models, including the IPC-1XXX, IPC-2XXX, IPC-WX, IPC-ECXX, SD3A, SD2A, and more, particularly those with firmware build timestamps prior to April 16, 2025. Users can check their device’s build time by accessing the device’s web interface and navigating to Settings -> System Information -> Version.

Both vulnerabilities are classified as buffer overflow issues that can be exploited using specially crafted packets. CVE-2025-31700 is a stack-based buffer overflow in the ONVIF request handler, whereas CVE-2025-31701 is an overflow bug in the RPC file upload handler. Bitdefender, a Romanian cybersecurity company, has noted that while some devices may have implemented protective measures like Address Space Layout Randomization (ASLR), the risk of denial-of-service (DoS) attacks remains high.

Dahua has alerted users about the risks associated with these vulnerabilities. The company emphasized that devices exposed to the internet via port forwarding or Universal Plug and Play (UPnP) are particularly vulnerable. Successful exploitation could potentially grant root-level access to the camera without any user interaction. Root access of this kind undermines firmware integrity checks and allows attackers to load unsigned payloads or persist through custom daemons, complicating the cleanup process.
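
For a fleet of cameras, the build-date check and the exposure warning above can be applied to an inventory in one pass. The script below is an added example, not code from Bitdefender's report or Dahua's advisory. The CSV columns, host names and the `Build Date:` layout of the version string are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re
from datetime import date

# Cutoff from the article: builds prior to April 16, 2025 are affected.
FIXED_BUILD = date(2025, 4, 16)
# Series the article names; its list ends with "and more", so it is not exhaustive.
NAMED_SERIES = {"IPC-1XXX", "IPC-2XXX", "IPC-WX", "IPC-ECXX", "SD3A", "SD2A"}
# Assumed layout of the version string copied from the web interface.
BUILD_RE = re.compile(r"Build Date:\s*(\d{4})-(\d{2})-(\d{2})")

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = """host,series,version,exposed
cam-lobby,IPC-2XXX,"V2.800.0000000.1.R, Build Date: 2024-11-02",yes
cam-dock,SD3A,"V2.820.0000000.5.R, Build Date: 2025-04-16",no
cam-roof,IPC-5XXX,"V2.800.0000000.3.R, Build Date: 2023-06-30",no
cam-gate,IPC-WX,unreadable,yes
"""

def parse_build_date(version):
    """Return the build date in a version string, or None if absent or invalid."""
    m = BUILD_RE.search(version)
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # e.g. month 13 from a mistyped entry
        return None

def triage(row):
    """Classify one inventory row against the article's build-date cutoff."""
    built = parse_build_date(row["version"])
    if built is None:
        status = "unknown"        # no usable date: check the device by hand
    elif built >= FIXED_BUILD:
        status = "not_affected"   # build is not prior to the cutoff
    elif row["series"].strip().upper() in NAMED_SERIES:
        status = "affected"
    else:
        status = "review"         # old build, series not named in the article
    # Port-forwarded or UPnP-exposed devices go first unless known to be fixed.
    exposed = row["exposed"].strip().lower() == "yes"
    return {"host": row["host"], "status": status,
            "urgent": exposed and status != "not_affected"}

def triage_inventory(text):
    """Triage every row of a CSV inventory given as text."""
    return [triage(r) for r in csv.DictReader(io.StringIO(text))]

if __name__ == "__main__":
    for result in triage_inventory(SAMPLE_INVENTORY):
        print(result)
```

A device with an old build whose series is not in the article's list is marked `review` rather than cleared, because the article's model list is open-ended.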