Dahua Technology has issued a security advisory addressing two high-severity vulnerabilities in its IP camera product line, following a report from the Bitdefender IoT Research Team. The vulnerabilities, tracked as CVE-2025-31700 and CVE-2025-31701 and each carrying a CVSS score of 8.1, stem from buffer overflow conditions that could allow remote attackers to crash devices or execute arbitrary code.
The vulnerabilities can be triggered by sending specially crafted packets to the affected devices. Once triggered, the buffer overflows could lead to service disruption or, in more serious cases, remote code execution (RCE). Dahua notes that some products may include protection mechanisms such as Address Space Layout Randomization (ASLR), which can reduce the likelihood of successful exploitation, but the risk of denial-of-service (DoS) attacks remains significant.
Devices affected by these vulnerabilities include several popular camera series such as the IPC-1XXX, IPC-2XXX, IPC-WX, IPC-ECXX, as well as the SD3A, SD2A, SD3D, SDT2A, and SD2C series. Notably, only firmware versions with a build date earlier than April 16, 2025, are vulnerable. Users can determine their firmware’s build time by logging into the web interface of the device and navigating to the system information section.
To mitigate these threats, Dahua has released updated firmware versions that address the buffer overflow issues. Customers are strongly urged to visit the Dahua download center or contact their local technical support team to apply the patches. Devices updated to firmware versions built after April 16, 2025, are no longer vulnerable.
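The series list and build-date threshold above can be turned into a fleet triage check. The following is an added example, not code from Dahua or Bitdefender. It assumes that each "X" in a series name is a single-character wildcard, that build dates were recorded from the web interface in YYYY-MM-DD form, and that a build dated exactly on the threshold goes to manual review; the inventory rows are constructed.

```python
import csv
import io
import re
from datetime import date, datetime

CUTOFF = date(2025, 4, 16)  # build-date threshold given in the article

# Series names as listed in the article. Assumption: each "X" is a wildcard
# for one letter or digit, and the model string starts with the series name.
SERIES = ["IPC-1XXX", "IPC-2XXX", "IPC-WX", "IPC-ECXX",
          "SD3A", "SD2A", "SD3D", "SDT2A", "SD2C"]
PATTERNS = [
    (s, re.compile("".join("[A-Z0-9]" if c == "X" else re.escape(c) for c in s), re.I))
    for s in SERIES
]

def triage(model, build_date):
    """Return (series, status) for one device record."""
    series = next((s for s, rx in PATTERNS if rx.match(model.strip())), None)
    if series is None:
        return None, "not-listed"
    try:
        built = datetime.strptime(build_date.strip(), "%Y-%m-%d").date()
    except ValueError:
        return series, "check-manually"   # build date missing or unparseable
    if built < CUTOFF:
        return series, "update-required"  # earlier than the threshold: vulnerable
    if built > CUTOFF:
        return series, "patched-build"
    # Built exactly on the threshold day: sent to manual review (example's choice).
    return series, "check-manually"

def report(csv_text):
    """Triage every row of a host,model,build_date inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["model"], r["build_date"]) for r in rows}

# Constructed inventory: hostnames, model strings and dates are made up.
INVENTORY = """host,model,build_date
cam-lobby,IPC-1230,2024-11-02
cam-dock,SD3A200,2025-04-16
cam-gate,IPC-EC12,2025-05-20
cam-roof,IPC-W4,unknown
nvr-01,NVR-4104,2023-01-10
"""

if __name__ == "__main__":
    for host, (series, status) in report(INVENTORY).items():
        print(f"{host:10} {series or '-':9} {status}")
```

A "not-listed" result only means the model string did not match the series named here; confirm against the vendor's advisory before treating a device as unaffected.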
“We strongly suggest, consistent with cybersecurity best practice, that all Dahua customers follow our security advisory… to ensure their systems are up-to-date and maximally protected,” the company said.
With IP cameras increasingly integrated into physical security and smart infrastructure systems, these vulnerabilities underscore the ongoing importance of timely patch management and responsible disclosure. Organizations using Dahua equipment should act without delay to minimize potential exposure and ensure their systems remain resilient against exploitation.