Two serious security vulnerabilities discovered in a type of security camera commonly used in Vietnam

In the Vietnamese market, Dahua security cameras are becoming a popular choice for both families and businesses thanks to the combination of stable quality and reasonable price.

This Chinese brand offers a wide range of models, from IP cameras, Wi-Fi cameras to analog surveillance systems, meeting many different needs, from monitoring small stores, private homes to large-scale projects such as industrial parks or office buildings.

A set of two security vulnerabilities have been discovered in a widely used line of Dahua security cameras, leaving the devices vulnerable to complete remote control. Research firm Bitdefender is urging all users to update their camera firmware immediately.

Decoding 2 dangerous security holes

Researchers have pointed out two serious security vulnerabilities on Dahua security cameras, including:

- The first vulnerability (CVE-2025-31700) is a stack-based buffer overflow in the ONVIF protocol - a standard that allows different security devices to "talk" to each other. When the camera mishandles a request from the network, an attacker can send an excessive amount of data, overwrite important areas of memory, and thereby execute arbitrary commands without logging in.

- The second vulnerability (CVE-2025-31701) is a memory overflow, related to the file upload function. The attack is similar to the first vulnerability, but targets a different memory area. The camera mishandles the data header, allowing an unauthenticated attacker to overwrite global variables and take full control of the device, performing remote attacks.

If exploited, these two vulnerabilities will turn the camera into a "gateway" for bad guys to infiltrate the security system, seriously threatening the privacy and safety of users.

Devices that are in the “danger zone”

According to Bitdefender, these two serious vulnerabilities were first discovered on the Dahua Hero C1 (DH-H4C) - a popular security camera model that often appears in many different environments, from retail stores, casinos, warehouses to households.

During the research, the experts tested on Hero C1 using firmware version V2.810.9992002.0.R, which was the latest version at that time, and confirmed the existence of the vulnerability.

Not stopping there, Dahua's internal testing process showed that the same problem also affected many other product lines, including the IPC-1XXX, IPC-2XXX, IPC-WX and SD series camera models.

This means that a series of surveillance systems operating in homes, businesses and critical infrastructure are at risk of being exploited by hackers if they have not been updated with security patches.

Urgent warning: Users need to update security patch immediately

On July 7, 2025, Dahua released security patches for two critical vulnerabilities, following a joint disclosure process with Bitdefender. These vulnerabilities were first reported on March 28, 2025, opening up more than 3 months of cooperation between the security research team and the manufacturer to fix them before hackers could exploit them.

Both vulnerabilities are particularly dangerous because they can be attacked remotely over the local network, and even over the Internet if the camera is exposed through settings such as port forwarding or automatic connection over the network (UPnP).

If exploited, hackers could gain full access at the highest level on the device, install malware that is nearly impossible to remove, turn the camera into a spy tool or a springboard to infiltrate other devices.

Bitdefender recommends checking your firmware version immediately. Any camera running firmware older than April 16, 2025 is potentially vulnerable. If you cannot update, take the following precautions:

- Do not expose the camera's web interface directly to the Internet.

- Turn off automatic connection on the network to prevent automatic port opening.

- Isolate the camera on a separate network to protect other devices.

Delaying updates or ignoring these measures means you are leaving your security system wide open to cybercriminals./.