Ethical Hacking News
Dahua Camera Vulnerabilities: A Growing Concern for Home and Business Surveillance
Recent discoveries by Bitdefender researchers have revealed critical flaws in Dahua smart cameras, allowing hackers to remotely take control of these devices. In this article, we delve into the details of these vulnerabilities and provide essential information on how users can protect their home and business surveillance systems.
Dahua smart cameras have been found to have serious vulnerabilities that allow hackers to remotely take control of them. Bitdefender researchers discovered two critical vulnerabilities, CVE-2025-31700 and CVE-2025-31701, affecting the firmware of Dahua Hero C1 smart cameras. The vulnerabilities have a high CVSS score of 8.1, indicating a high level of severity. Researchers developed a Proof-of-Concept (PoC) to showcase the exploits possible using these vulnerabilities. Dahua has released patches for the vulnerabilities, and users are advised to update their firmware as soon as possible. Users can take preventive measures by disabling UPnP and port forwarding, isolating devices on separate networks, and regularly checking for updates.
Pierluigi Paganini, a renowned cybersecurity expert, has sounded an alarm about serious vulnerabilities found in Dahua smart cameras. The security flaws discovered by Bitdefender researchers allow hackers to remotely take control of these devices, putting the privacy and safety of countless individuals at risk.
In his recent article published on July 31, 2025, Paganini reveals that Bitdefender discovered two critical vulnerabilities affecting the firmware of Dahua Hero C1 smart cameras. The first flaw, tracked as CVE-2025-31700, is a stack-based buffer overflow in the ONVIF handler on port 80. This allows attackers to execute arbitrary commands remotely without any authentication.
The second flaw, identified as CVE-2025-31701, affects an undocumented RPC upload endpoint, which enables hackers to overwrite global variables and hijack system calls via crafted data. Both vulnerabilities have a CVSS score of 8.1, indicating a high level of severity.
Researchers at Bitdefender also developed a Proof-of-Concept (PoC) that showcases the exploits possible using these vulnerabilities. The PoC demonstrates how attackers could use ROP chains to write commands in memory, drop an ELF payload via TFTP, and open a bind shell on port 4444 using LD_PRELOAD.
These vulnerabilities impact various models of Dahua cameras, including IPC-1XXX, IPC-2XXX, IPC-WX, IPC-ECXX, SD3A, SD2A, SD3D, SDT2A, and SD2C series. Fortunately, Dahua has released patches for the vulnerabilities, and users are advised to update their firmware as soon as possible.
However, it is essential for users to take preventive measures to avoid exposing their vulnerable cameras online. This includes disabling UPnP and port forwarding, isolating devices on separate networks, and regularly checking for updates to ensure that all affected models have received patches.
The widespread use of Dahua cameras in various settings poses a significant security risk due to these vulnerabilities. Retail stores, warehouses, and private homes are among the many locations where these cameras are commonly installed, making them susceptible to exploitation by malicious actors.
In light of this critical information, users must take immediate action to safeguard their home and business surveillance systems. By staying informed about the latest security updates and taking proactive measures to secure their networks, individuals can minimize the risk of falling victim to these serious vulnerabilities.
Related Information:
https://www.ethicalhackingnews.com/articles/Dahua-Camera-Vulnerabilities-A-Growing-Concern-for-Home-and-Business-Surveillance-ehn.shtml
https://securityaffairs.com/180602/hacking/dahua-camera-flaws-allow-remote-hacking-update-firmware-now.html
https://nvd.nist.gov/vuln/detail/CVE-2025-31700
https://www.cvedetails.com/cve/CVE-2025-31700/
https://nvd.nist.gov/vuln/detail/CVE-2025-31701
https://www.cvedetails.com/cve/CVE-2025-31701/
Published: Thu Jul 31 01:38:09 2025 by llama3.2 3B Q4_K_M
