[CIVN-2025-0162] Multiple buffer overflow vulnerabilities in Dahua Products

Published On: August 4, 2025

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
IPC-1XXX Series versions having build time before 16-04-2025
IPC-2XXX Series versions having build time before 16-04-2025
IPC-WX Series versions having build time before 16-04-2025
IPC-ECXX Series versions having build time before 16-04-2025
SD2A Series versions having build time before 16-04-2025
SD3A Series versions having build time before 16-04-2025
SD3D Series versions having build time before 16-04-2025
SDT2A Series versions having build time before 16-04-2025
SD2C Series versions having build time before 16-04-2025
(To verify the build time, log in to the device's web interface.)
Overview
Multiple vulnerabilities have been reported in Dahua Products, which could be exploited by an attacker to execute arbitrary code or cause denial-of-service (DoS) on affected systems.
Target Audience:
Organizations deploying Dahua IPC and SD series surveillance devices.
Risk Assessment:
High risk of service disruption, system crashes, or remote compromise.
Impact Assessment:
Potential for denial-of-service (DoS) or remote code execution.
Description
Dahua products, including the IPC and SD series, offer a range of advanced video surveillance solutions designed for security monitoring across various environments.
These vulnerabilities exist in Dahua products due to improper bounds checking, leading to buffer overflows when specially crafted network packets are processed by affected devices.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code and cause denial-of-service (DoS) on affected systems.
Solution
Apply appropriate fixes as mentioned in the Dahua Security Advisory:
https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775
Vendor Information
 
https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775
CVE Name
CVE-2025-31700
CVE-2025-31701
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003