Critical Dahua Camera Flaws Let Hackers Take Remote Control
Security researchers have discovered critical flaws in Dahua digital cameras that allow hackers to take control remotely. The vulnerabilities, identified as CVE-2025-31700 and CVE-2025-31701, impact Dahua Hero C1 digital cameras and other models with older firmware. Users must update their firmware to stay protected.
The first vulnerability, CVE-2025-31700, is a stack-based buffer overflow in the ONVIF handler on port 80. This flaw enables unauthenticated attackers to execute arbitrary commands remotely. It affects Dahua Hero C1 digital cameras running the latest firmware as of early 2024, and other models with older firmware.
The second vulnerability, CVE-2025-31701, affects an undocumented RPC upload endpoint. It allows attackers to overwrite global variables and hijack system calls. Both flaws grant attackers root access and bypass firmware integrity checks, posing high risks, especially in critical infrastructure scenarios. Users should avoid exposing vulnerable Dahua digital cameras online and should disable UPnP and port forwarding.
Dahua has patched these vulnerabilities, but users must install the updates released after April 16, 2025, to stay protected. Affected models include the Dahua Hero C1 (DH-H4C) smart digital camera series. Users should prioritize updating their firmware and follow best security practices to safeguard their devices.