Dahua Camera Vulnerabilities Allowed Hackers to Seize Control
Security researchers recently uncovered serious vulnerabilities in Dahua smart camera firmware, now patched, that could have allowed remote attackers to completely hijack vulnerable devices. The flaws stemmed from weaknesses in the ONVIF protocol implementation and file upload processes. On devices left unpatched, attackers could potentially take complete control.
According to a report by Bitdefender, the flaws reside in the camera's ONVIF protocol and file upload handlers. Essentially, these vulnerabilities allow attackers to execute commands remotely without needing any authentication. That's not good!
Which Cameras Are Affected?
The vulnerabilities, identified as CVE-2025-31700 and CVE-2025-31701 (with CVSS scores of 8.1), impact several Dahua camera models running firmware built before April 16, 2025. Here's a list:
- IPC-1XXX Series
- IPC-2XXX Series
- IPC-WX Series
- IPC-ECXX Series
- SD3A Series
- SD2A Series
- SD3D Series
- SDT2A Series
- SD2C Series
How to Check Your Camera's Build Date
Want to know if your camera is vulnerable? It's pretty easy to check. Just log in to your camera's web interface and navigate to Settings -> System Information -> Version. The build time will be displayed there.
What's the Risk?
These flaws are buffer overflow vulnerabilities. This means attackers can send specially crafted, malicious packets to your camera, potentially causing a denial-of-service or even executing remote code. In short, it gives them control.
CVE-2025-31700 is specifically a stack-based buffer overflow in the Open Network Video Interface Forum (ONVIF) request handler. CVE-2025-31701 is an overflow bug in the RPC file upload handler.
Dahua has acknowledged the issue, stating that "some devices may have deployed protection mechanisms...which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
Why This Matters
These Dahua cameras are commonly used for video surveillance in various environments, including retail stores, casinos, warehouses, and even homes. Because the vulnerabilities are unauthenticated and exploitable over the local network, the consequences could be significant.
Bitdefender warns that "Devices exposed to the internet through port forwarding or UPnP are especially at risk." If exploited, attackers gain root-level access to the camera without any user interaction. Worse, "attackers can load unsigned payloads or persist via custom daemons, making cleanup difficult."
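
For anyone managing more than a handful of cameras, the series list, the April 16, 2025 build cutoff and the exposure warning above can be combined into a quick patch triage. The script below is an added example, not code from Dahua or Bitdefender; the inventory columns, the YYYY-MM-DD build format and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Values taken from the article: affected series and the firmware build cutoff.
AFFECTED_SERIES = {"IPC-1XXX", "IPC-2XXX", "IPC-WX", "IPC-ECXX",
                   "SD3A", "SD2A", "SD3D", "SDT2A", "SD2C"}
FIXED_BUILD = date(2025, 4, 16)  # builds before this date are affected

# Constructed sample inventory (not real devices). Column names and the
# YYYY-MM-DD build format are assumptions about how you record the value
# read from Settings -> System Information -> Version.
SAMPLE_INVENTORY = """name,series,build_date,internet_exposed
lobby-cam,IPC-2XXX,2024-11-02,no
dock-ptz,SD3A,2025-05-20,no
gate-cam,IPC-WX,2023-08-14,yes
yard-ptz,SD2C,,no
office-cam,OTHER,2022-01-10,yes
"""

def parse_build(text):
    """Return a date, or None when the field is empty or malformed."""
    try:
        return datetime.strptime(text.strip(), "%Y-%m-%d").date()
    except ValueError:
        return None

def triage(inventory_csv):
    """Map each camera name to: ok, not-listed, verify, patch or patch-urgent."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        exposed = row["internet_exposed"].strip().lower() == "yes"
        build = parse_build(row["build_date"])
        if row["series"].strip().upper() not in AFFECTED_SERIES:
            status = "not-listed"  # series is not in the article's list
        elif build is None:
            status = "verify"  # unknown build: read it from the web interface
        elif build >= FIXED_BUILD:
            status = "ok"
        else:
            # Exposed devices go first, per Bitdefender's warning in the article.
            status = "patch-urgent" if exposed else "patch"
        result[row["name"]] = status
    return result

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:12} {status}")
```

A camera with a missing or unreadable build date is reported as `verify` rather than assumed safe, so it still gets checked by hand.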