Critical Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE
Researchers at Bitdefender have disclosed two critical vulnerabilities in the firmware of Dahua smart surveillance cameras. These flaws, rooted in the ONVIF protocol implementation and the file upload mechanism, enable attackers to gain full control over the devices without requiring authentication.
The vulnerabilities, identified as CVE-2025-31700 and CVE-2025-31701, each carry a CVSS score of 8.1. A wide range of Dahua camera models is affected, including the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, as well as the PTZ and high-speed dome models SD2A, SD2C, SD3A, SD3D, and SDT2A, provided their firmware was compiled before April 16, 2025. Users can verify the build date through the device’s web interface under the “System Information” section.
Both vulnerabilities stem from buffer overflow conditions. The first, CVE-2025-31700, is a stack-based buffer overflow in the handler for ONVIF requests (ONVIF is a widely adopted open standard for video surveillance and access control in IP cameras). The second, CVE-2025-31701, resides in the RPC file upload handler and permits an attacker to overflow the buffer and inject arbitrary code into the system.
Although some devices may utilize security features such as ASLR (Address Space Layout Randomization), these measures do not eliminate the risk of denial-of-service (DoS) attacks. Under specific conditions, even remote code execution remains a possibility.
Dahua cameras, deployed across a variety of environments—from retail stores and warehouses to casinos and residential complexes—become especially vulnerable when exposed via port forwarding or UPnP. In such configurations, an attacker can bypass all authentication measures, escalate privileges to root, and execute any commands, including the installation of custom software and the launch of persistent services.
A particularly alarming aspect of these vulnerabilities is their ability to circumvent firmware integrity verification. This enables an attacker to implant unsigned executables and establish long-term persistence, rendering remediation efforts both complex and time-consuming.
According to Bitdefender, the attack surface in such devices remains considerable—especially given that many surveillance cameras seldom receive timely security updates or are completely isolated from centralized management systems. This creates conditions in which a single exploit could compromise vast numbers of surveillance systems, turning them into entry points for broader attacks against corporate or personal infrastructures.
Dahua has released firmware updates addressing both vulnerabilities and strongly urges all affected users to immediately apply the latest patches. Given that both flaws allow unauthenticated remote code execution, any delay in updating could lead to severe consequences—particularly for devices with internet-facing access.