Share this article on:
Powered by MOMENTUMMEDIA
For breaking news and daily updates,
subscribe to our newsletter.
Researchers have uncovered a series of flaws in the Dahua Hero C1 series that could allow malicious actors to run arbitrary commands remotely.
If you use Dahua smart cameras around your home or business, you might want to pay attention to this one.
Researchers at Bitdefender have uncovered a pair of critical vulnerabilities in Dahua’s Hero C1 family of smart cameras that, when chained together, could lead to remote code execution and a total takeover of the device.
The first vulnerability is CVE-2025-31700, a stack-based buffer overflow in ONVIF protocol handler that can allow an attacker to write an arbitrary number of bytes to the stack, which could lead to a buffer overflow and the overwriting of several CPU registers.
The second vulnerability is CVE-2025-31701, a .bss segment overflow via the RPC upload handler. This could allow an attacker to overwrite adjacent global variables.
“By planting a crafted structure in memory, the attacker can redirect execution to a call to system(), again resulting in full remote code execution,” Bitdefender said in a 31 July blog post.
“No authentication needed.”
The vulnerabilities are particularly impactful on devices that are internet-facing via port-forwarding or UPnP.
Dahua is aware of the issue and has worked with Bitdefender to remediate the issue since March 2025. A patch that addressed the issue was released on 7 July, with the pair of vulnerabilities officially disclosed on 23 July.
“We would like to extend our sincere thanks to the Dahua security team for their professional handling of the vulnerabilities reported. Their prompt triage, prioritisation, and resolution of the issues demonstrate a strong commitment to customer safety and product integrity,” Bitdefender said.
“This type of collaboration between researchers and vendors is extremely valuable to the broader cyber security ecosystem – ensuring that vulnerabilities are addressed before they can be weaponised. We hope to see this level of responsiveness and transparency replicated across the industry.”
Firmware versions after 16 April 2025 address the issues, so make sure your firmware is up to date. Dahua also found that the following devices were also impacted during its own audit: IPC-1XXX Series, IPC-2XXX Series, IPC-WX Series, IPC-ECXX Series, SD3A Series, SD2A Series, SD3D Series, SDT2A Series, and SD2C Series with firmware versions older than 16 April 2025.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.