Serious Security Vulnerabilities in Dahua Cameras Enable Remote Takeover via ONVIF and File Upload Exploits

July 30, 2025
Firmware Security / Vulnerability

Cybersecurity researchers have revealed critical security vulnerabilities within the firmware of Dahua smart cameras, which have since been patched. If left unaddressed, these flaws could allow attackers to take control of affected devices. According to a report from Bitdefender shared with The Hacker News, the vulnerabilities—related to the device’s ONVIF protocol and file upload handlers—enable unauthorized attackers to execute arbitrary commands remotely, effectively seizing control of the device.

Tracked as CVE-2025-31700 and CVE-2025-31701 (CVSS scores: 8.1), the vulnerabilities impact the following device series running firmware versions with build timestamps prior to April 16, 2025:

  • IPC-1XXX Series
  • IPC-2XXX Series
  • IPC-WX Series
  • IPC-ECXX Series
  • SD3A Series
  • SD2A Series
  • SD3D Series
  • SDT2A Series
  • SD2C Series

Users can check their device’s build time by logging into the web interface and navigating to Settings → System Information → Version. Both vulnerabilities are classified as…

Critical Security Vulnerabilities in Dahua Cameras Allow Potential Remote Takeover

In a recent disclosure, cybersecurity experts have revealed serious security vulnerabilities within the firmware of Dahua smart cameras, now patched but capable of enabling remote control hijacking of affected devices if not mitigated. These flaws, specifically tied to the ONVIF protocol and file upload handlers, leave the devices exposed to unauthenticated attackers who could issue arbitrary remote commands, effectively seizing control of the camera systems, according to a report by Bitdefender shared with The Hacker News.

The vulnerabilities, designated as CVE-2025-31700 and CVE-2025-31701 and both registering a CVSS score of 8.1, impact a range of Dahua camera models, including the IPC-1XXX, IPC-2XXX, IPC-WX, IPC-ECXX, SD3A, SD2A, SD3D, SDT2A, and SD2C series. Businesses utilizing these cameras should be particularly vigilant, as the affected firmware versions have build timestamps prior to April 16, 2025. Users can easily verify their devices’ build times by accessing the web interface and navigating to the System Information section under Settings.

The vulnerabilities allow unauthorized attackers to exploit backend systems associated with these cameras, posing a significant risk to organizations relying on surveillance for security. When control is compromised, attackers gain the ability to manipulate the devices according to their malicious intents, potentially leading to unauthorized surveillance, data breaches, or even worse security incidents.

While these vulnerabilities have been patched, the incident raises critical concerns regarding the overall security practices of organizations relying on Internet of Things (IoT) devices. As the landscape of cyber threats continues to evolve, businesses need to remain vigilant against emerging risks. An analysis of potential adversary tactics indicates that initial access and privilege escalation may have been tactics used to exploit these vulnerabilities, highlighting how an effective defense requires continuous monitoring and timely firmware updates.

Organizations across various sectors should prioritize a comprehensive cybersecurity strategy, incorporating timely updates and rigorous security protocols to mitigate risks from potential vulnerabilities like those found in Dahua cameras. Adequate knowledge of the MITRE ATT&CK framework can enhance the understanding of these tactics, aiding in strengthening defenses against similar threats in the future.

In conclusion, while these specific vulnerabilities in Dahua cameras have been addressed, the broader implications for cybersecurity practices cannot be overlooked. Companies must actively engage in cybersecurity awareness and implement robust measures to protect against evolving threats in an increasingly connected world.

Source link