Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

July 30, 2025 invoker category_news

Security Update News

Update Information

Title Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits
Update ID THN:C4F0D087FD2CBF619B338FE188158C68
Type thn
Published 2025-07-30T13:01:00
Last Updated 2025-07-30T13:01:06

Security Impact

CVSS Score 8.1
Severity HIGH

Affected CVEs

  • CVE-2025-31700
  • CVE-2025-31701

Update Details

![Critical Dahua Camera Flaws](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices.

“The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,” Bitdefender said in a report shared with The Hacker News.

The vulnerabilities, tracked as **CVE-2025-31700** and **CVE-2025-31701** (CVSS scores: 8.1), affect the following devices running versions with built timestamps before April 16, 2025 –

* IPC-1XXX Series
* IPC-2XXX Series
* IPC-WX Series
* IPC-ECXX Series
* SD3A Series
* SD2A Series
* SD3D Series
* SDT2A Series
* SD2C Series

![Cybersecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)

It’s worth noting that users can view the build time by logging in to the web interface of the device and then navigating to _Settings – > System Information -> Version_.

Both shortcomings are classified as buffer overflow vulnerabilities that could be exploited by sending specially crafted malicious packets, resulting in denial-of-service or remote code execution (RCE).

Specifically, CVE-2025-31700 has been described as a stack-based buffer overflow in the Open Network Video Interface Forum (ONVIF) request handler, while CVE-2025-31701 concerns an overflow bug in the RPC file upload handler.

“Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation,” Dahua said in an alert released last week. “However, denial-of-service (DoS) attacks remain a concern.”

Given that these models are used for video surveillance in retail, casinos, warehouses, and residential settings, the flaws can have significant consequences as they are unauthenticated and exploitable over the local network.

“Devices exposed to the internet through port forwarding or UPnP are especially at risk,” the Romanian cybersecurity company said. “Successful exploitation provides root-level access to the camera with no user interaction. Because the exploit path bypasses firmware integrity checks, attackers can load unsigned payloads or persist via custom daemons, making cleanup difficult.”

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.