A set of two security vulnerabilities has been found in a widely used line of Dahua security cameras, exposing devices to full remote takeover. The research firm Bitdefender, which shared its findings with Hackread.com, is urging all users to update their camera firmware immediately.
Critical Vulnerabilities Explained
The research identified two specific and critical vulnerabilities. The first, labelled CVE-2025-31700, is a “stack-based buffer overflow” in the camera’s ONVIF protocol. This protocol is a standard that allows different security devices to communicate with each other.
The flaw occurs when the camera handles a network request incorrectly, allowing an attacker to send too much data and overwrite important parts of the device’s memory. This lets the attacker run their own commands on the camera without needing to be logged in.
The second vulnerability, CVE-2025-31701, is a “.bss segment overflow” linked to the camera’s file upload handler. This issue is similar to the first but targets a different part of the camera’s memory. The camera improperly copies a data header, allowing an unauthenticated attacker to overwrite adjacent global variables. By changing these variables, the attacker can hijack the program’s control and achieve full remote code execution.
Affected Devices
The flaws affect the Dahua Hero C1 (DH-H4C) model, a popular camera used in many places like stores, casinos, warehouses, and homes. Bitdefender verified the issues on the Hero C1 running firmware version V2.810.9992002.0.R, which was the latest available when their research began. Dahua’s own audit also confirmed that the same problems affect several other device models, including the IPC-1XXX, IPC-2XXX, IPC-WX, and SD-series cameras.
Urgent Recommendations for Users
The security issues were officially patched by Dahua on July 7, 2025, after a coordinated disclosure process with Bitdefender. According to a timeline provided by the researchers, the flaws were first reported to Dahua on March 28, 2025. This type of cooperation between security researchers and companies is important for fixing problems before they can be used for cyberattacks.
It is worth noting that both vulnerabilities are dangerous because they can be exploited remotely over a local network, and even over the internet if the cameras are exposed through settings like port forwarding or UPnP (Universal Plug and Play). A successful attack gives the attacker complete root-level access to the device, making it possible to install malicious software that is hard to remove.
Therefore, Bitdefender advises all users to check their camera’s firmware version. Any device with firmware older than April 16, 2025, is at risk. If an update is not possible, users should take steps to protect their cameras. This includes not exposing the camera’s web interface to the internet, disabling UPnP, and isolating the camera on a separate network to prevent attackers from moving to other devices.
