Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

Posted on By CWS

Jul 30, 2025Ravie LakshmananFirmware Safety / Vulnerability
Cybersecurity researchers have disclosed now-patched important safety flaws within the firmware of Dahua good cameras that, if left unaddressed, might enable attackers to hijack management of prone units.
“The failings, affecting the gadget’s ONVIF protocol and file add handlers, enable unauthenticated attackers to execute arbitrary instructions remotely, successfully taking up the gadget,” Bitdefender stated in a report shared with The Hacker Information.
The vulnerabilities, tracked as CVE-2025-31700 and CVE-2025-31701 (CVSS scores: 8.1), have an effect on the next units operating variations with constructed timestamps earlier than April 16, 2025 –

IPC-1XXX Collection
IPC-2XXX Collection
IPC-WX Collection
IPC-ECXX Collection
SD3A Collection
SD2A Collection
SD3D Collection
SDT2A Collection
SD2C Collection

It is value noting that customers can view the construct time by logging in to the online interface of the gadget after which navigating to Settings -> System Data -> Model.
Each shortcomings are categorised as buffer overflow vulnerabilities that might be exploited by sending specifically crafted malicious packets, leading to denial-of-service or distant code execution (RCE).
Particularly, CVE-2025-31700 has been described as a stack-based buffer overflow within the Open Community Video Interface Discussion board (ONVIF) request handler, whereas CVE-2025-31701 issues an overflow bug within the RPC file add handler.
“Some units might have deployed safety mechanisms reminiscent of Deal with House Structure Randomization (ASLR), which reduces the chance of profitable RCE exploitation,” Dahua stated in an alert launched final week. “Nonetheless, denial-of-service (DoS) assaults stay a priority.”
On condition that these fashions are used for video surveillance in retail, casinos, warehouses, and residential settings, the failings can have important penalties as they’re unauthenticated and exploitable over the native community.
“Units uncovered to the web by way of port forwarding or UPnP are particularly in danger,” the Romanian cybersecurity firm stated. “Profitable exploitation supplies root-level entry to the digicam with no person interplay. As a result of the exploit path bypasses firmware integrity checks, attackers can load unsigned payloads or persist through customized daemons, making cleanup tough.”

The Hacker News Tags:, , , , , , , , , ,

Related Posts

Why CTEM is the Winning Bet for CISOs in 2025 The Hacker News
NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware The Hacker News
U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware The Hacker News
WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews The Hacker News
HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass The Hacker News
Why Offensive Security Training Benefits Your Entire Security Team The Hacker News