- Dahua CCTV Error Identified by Bitdefender Affects Over 100 Popular Security Cameras Models
- Vulnerabilities allow the execution of remote code without approval over local or internet connections
- The company calls for firmware updates and network insulation to prevent utilization
Researchers at Bitdefender have announced two critical vulnerabilities affecting a large number of Dahua -smart cameras.
The shortcomings that were patched in the latest firmware update could allow unauthorized attackers to take full control of the affected devices.
Dahua has confirmed that a total of 126 models were affected, including several IPC, SD and DH series units, not just the C1 model reported first.
Patch now
The first of the vulnerabilities, the CVE-2025-31700, is a buffer overflow error in Dahua camera company that can be triggered when the device processes specially designed network packages. If utilized, it can cause the camera to go down or in some cases allow an external striker to run their own code on the device.
The second, CVE-2025-31701, is another buffer overflow problem that is also utilized through malicious designed packages that are sent over the network. It can also be used to go down the camera or potentially get full remote control depending on the target defense.
Both can be utilized to run arbitrary code with root privileges.
Bitdefender reported the private questions to Dahua on March 28, 2025. The manufacturer of Chinese video surveillance equipment recognized the report the next day and validated the results before April 1.
It requested some time to prepare a solution for the problems where Patches finally rolled out last month, followed by the agreed publication.
The two vulnerabilities can be particularly dangerous for devices available from the Internet via port shipping or UPNP, as no approval is required for possible utilization.
Bitdefender warns that successful attacks can bypass firmware integrity control and implement sustained malicious code, making cleaning up difficult.
Dahua, the world’s second largest CCTV producer behind HIKVision, has been subjected to control in several countries of cyber security issues and concerns about data protection, especially related to potential vulnerabilities in its network-affiliated devices.
It maintains a Product Security Incident Response Team (PSIRT) to coordinate with researchers on reported deficiencies, such as in the event of these vulnerability information.
It calls for all customers who have not yet done so to update their camera mounting as an urgent question.
For anyone who is unable to do so right away, disconnecting vulnerable devices from direct Internet access advises, disable UPNP and isolate cameras on separate networks to reduce risk.
A detailed list of affected models is included in Dahua’s online advice along with links to patched firmware.
Both Dahua and Bitdefender-stress, which are not specified Internet-connected devices, must be considered primary targets.
