
- Dahua CCTV flaws identified by Bitdefender affect over 100 popular security camera models
- Vulnerabilities allow remote code execution without authentication over local or internet connections
- Company urges firmware updates and network isolation to prevent exploitation
Researchers at Bitdefender have announced two critical vulnerabilities affecting numerous Dahua smart cameras.
The flaws, which were patched in the latest firmware update, could allow unauthenticated attackers to take full control of affected devices.
Dahua has confirmed that a total of 126 models were affected, including multiple IPC, SD, and DH series devices, not just the Hero C1 model first reported.
Patch now
The first of the vulnerabilities, CVE-2025-31700, is a buffer overflow flaw in Dahua camera firmware that can be triggered when the device processes specially crafted network packets. If exploited, it could cause the camera to crash or, in some cases, allow a remote attacker to run their own code on the device.
The second, CVE-2025-31701, is another buffer overflow issue, also exploitable through maliciously crafted packets sent over the network. It too can be used to crash the camera or potentially gain full remote control, depending on the target’s defenses.
Both can be exploited to run arbitrary code with root privileges.
Bitdefender privately reported the issues to Dahua on March 28, 2025. The Chinese video surveillance equipment manufacturer acknowledged the report the next day and validated the findings by April 1.
It requested some time to prepare a fix for the issues, with patches finally rolling out last month, followed by the agreed public disclosure.
The two vulnerabilities can be especially dangerous for devices accessible from the internet via port forwarding or UPnP, as no authentication is required for potential exploitation.
Bitdefender warns that successful attacks could bypass firmware integrity checks and deploy persistent malicious code, making cleanup difficult.
Dahua, the world’s second-largest CCTV manufacturer behind Hikvision, has faced scrutiny in several countries over cybersecurity issues and data privacy concerns, particularly related to potential vulnerabilities in its network-connected devices.
It maintains a Product Security Incident Response Team (PSIRT) to coordinate with researchers on reported flaws, such as in the case of these vulnerability disclosures.
It is urging all customers who haven’t yet done so to update their camera firmware as a matter of urgency.
For anyone unable to do so immediately, it advises disconnecting vulnerable devices from direct internet access, disabling UPnP, and isolating cameras on separate networks to reduce risk.
A detailed list of affected models is included in Dahua’s online advisory, along with links to patched firmware.
Both Dahua and Bitdefender stress that unpatched internet-connected devices should be considered prime targets.

