—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple buffer overflow vulnerabilities in Dahua Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

IPC-1XXX Series versions having build time before 16-04-2025

IPC-2XXX Series versions having build time before 16-04-2025

IPC-WX Series versions having build time before 16-04-2025

IPC-ECXX Series versions having build time before 16-04-2025

SD2A Series versions having build time before 16-04-2025

SD3A Series versions having build time before 16-04-2025

SD3D Series versions having build time before 16-04-2025

SDT2A Series versions having build time before 16-04-2025

SD2C Series versions having build time before 16-04-2025

(To verify the build time, log in to the device¿s web interface.)

Overview

Multiple vulnerabilities have been reported in Dahua Products, which could be exploited by an attacker to execute arbitrary code or cause denial-of-service (DoS) on affected systems.

Target Audience:

Organizations deploying Dahua IPC and SD series surveillance devices.

Risk Assessment:

High risk of service disruption, system crashes, or remote compromise.

Impact Assessment:

Potential for denial-of-service (DoS) or remote code execution.

Description

Dahua products, including the IPC and SD series, offer a range of advanced video surveillance solutions designed for security monitoring across various environments.

These vulnerabilities exist in Dahua products due to improper bounds checking, leading to buffer overflows when specially crafted network packets are processed by affected devices.

Successful exploitation of these vulnerabilities could allow attacker to execute arbitrary code and perform denial-of-service (DoS) on affected systems.

Solution

Apply appropriate fixes as mentioned in the Dahua Security Advisory:

https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775

Vendor Information

 

https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775

CVE Name

CVE-2025-31700

CVE-2025-31701

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmiQxOQACgkQ3jCgcSdc

ys94WQ//XVRj3qlmR7tOun/DKK+K54RJFq7UjMfk+xU4Vs7m6CNaa5MyuZW5Q4oQ

2iNAqPerkXveRS5QfNtHpjkHhsA7lIcfC4hQ8PeaTTmLBqCbAgwKZcL6CHiM6400

npg9K6CuJhDEYz4bzn7+3XMREeuvhBKn+THTiAC7Gv9vXlDiBeRgOIQ3tnrt/VR5

lQPn8oEHqC+t7c9UsGRzf6cDqdYRmvUPRtYWTiOn8/UJDcqyYtBEkTVkqWiod8Nf

72fu8+FEYsTbxS5QY/pCi3h9y3xqvro9GT9uMEAeKzvGvNepPIE0JO3XT0OtbSuG

H42TavOxdWSp/IL6oLaymIPk+qdQ+6LI4J2j2UfqONAVcUZ2TzMPRZGFkeT0Fw3F

N3Y7V9fgDYSwCpJ81Ph9Tj7kPAWCrT0ba9+IJ1Jq0U4Jz2389Nig54ISF3G8Bc84

vGrECIBAAXbQA/GOl7LqmliX1wDLEq0Q4FwdU6/LFkEr5opSCsIGEHpxxFd3jMIP

r7HsqytnPRqtCfTI7bjd1V4HQsXog5vROQ0fFZBI8O7USdcaWMqe/Yp+4HUfwMDF

/U6+PGnkR2M7tJ6CdH0U7HwcHDyRJm06MGeCdzkPKPx2mpT30vv2Ddgbca0TcFKy

Pjpy7eHaQZNHtAUHDS6Roq80CS4ZHrHt3d+SUFc8d5Gms/O4/Eo=

=nHid

—–END PGP SIGNATURE—–