Cybersecurity experts from Bitdefender have uncovered critical vulnerabilities in Dahua Hero C1 (DH-H4C) smart cameras that could allow hackers to remotely take full control of the devices. These flaws pose a major threat due to the widespread use of the cameras in homes, stores, and warehouses.
The issues, tied to the ONVIF protocol and file upload handlers, could be exploited without authentication, enabling attackers to execute arbitrary code and gain root access. Bitdefender reported the flaws to Dahua, and patches are now available. Users are strongly advised to update their firmware immediately.
One flaw, CVE-2025-31700 (CVSS 8.1), is a stack-based buffer overflow via the ONVIF handler on port 80. It allows memory manipulation by misusing the Host header, which leads to code execution through return-oriented programming (ROP). Bitdefender’s proof-of-concept demonstrated how a malicious payload could drop a file and open a shell.
The second flaw, CVE-2025-31701 (CVSS 8.1), lies in an undocumented RPC endpoint that processes upload requests. It allows buffer overflows in the .bss segment, letting attackers overwrite global variables and hijack system calls. Both vulnerabilities can lead to complete device takeover.
These issues affect multiple Dahua models using firmware versions prior to April 16, 2025. Devices exposed online through port forwarding or UPnP are especially vulnerable, as attackers can bypass integrity checks and install persistent malware.
Disclosure Timeline:
- Mar 28, 2025: Bitdefender reported the flaws to Dahua
- Mar 29: Dahua confirmed receipt
- Apr 01: Vulnerabilities validated
- Apr 23: Dahua requested disclosure delay
- Jul 07: Patches released
- Jul 23: Public disclosure
To stay safe, users should disable UPnP and port forwarding, avoid exposing cameras online, isolate devices from main networks, and install firmware updates issued after April 16, 2025.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
