Bitdefender and Dahua Collaborate to Fix Vulnerabilities in Dahua Firmware

Vulnerabilities Identified in Dahua Hero C1 Smart Cameras 

Researchers at Bitdefender identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device’s ONVIF protocol and file upload handlers, if left unactioned, could allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device. 

The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched.

Affected Devices 

The issues were verified on a Dahua Hero C1 (DH-H4C) running firmware version V2.810.9992002.0.R (Build Date: 2024-01-23) with ONVIF version 21.06 and Web UI version V3.2.1.1452137. This version was confirmed, through the device’s own update interface, as the latest available when Bitdefender’s research began.

Other device models that were identified during the vendor’s own audit include: IPC-1XXX Series, IPC-2XXX Series, IPC-WX Series, IPC-ECXX Series, SD3A Series, SD2A Series, SD3D Series, SDT2A Series, SD2C Series with firmware versions older than 2025/04/16. 

Acknowledgement 

Bitdefender acknowledged, and were grateful to, the Dahua security team for their professional handling of the vulnerabilities reported. Dahua’s prompt triage, prioritisation, and resolution of the issues demonstrated a strong commitment to their customers' safety and product integrity. This type of collaboration between researchers and vendors is extremely valuable to the broader cybersecurity ecosystem – ensuring that vulnerabilities are addressed before they can be weaponized.

Disclosure Timeline 

  • 28 March 2025: Bitdefender shares the findings with the Dahua team through a secure communication channel
  • 29 March 2025: Dahua acknowledges receipt and proceeds with internal investigation
  • 1 April 2025: Dahua confirms the reports as valid
  • 17 April 2025: Firmware versions after 2025/04/16 fix the issues on later models
  • 7 July 2025: Dahua releases patches for the vulnerability
  • 30 July 2025: The report becomes public as part of the coordinated responsible disclosure efforts

 

Vulnerabilities 1 and 2: Stack-Based Buffer Overflow in ONVIF Protocol Handler (CVE-2025-31700) and .bss Segment Overflow via RPC Upload Handler (CVE-2025-31701). Full explanations are given in Bitdefender’s blog post.

Security Impact 

Both vulnerabilities are unauthenticated and exploitable over the local network. Devices exposed to the internet through port forwarding or UPnP are especially at risk. Successful exploitation provides root-level access to the camera with no user interaction. 

Because the exploit path bypasses firmware integrity checks, attackers can load unsigned payloads or persist via custom daemons, making cleanup difficult. 

 

Recommendations 

A number of recommendations have been made, and responsibility rests with the end-users and owners. These include: avoiding exposure of the web interface of vulnerable Dahua camera models to the internet; disabling UPnP and removing port forwarding rules if present; isolating the camera on a separate VLAN or dedicated IoT network to limit lateral movement; and monitoring Dahua updates and applying patches as soon as they are available.
It has been reported that firmware versions after 2025/04/16 fix the issues. 
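
An added example (not from Bitdefender or Dahua) that triages a camera inventory against the affected series and the 2025/04/16 firmware cutoff stated above. The hostnames and inventory layout are constructed, the series label is assumed to be an operator-supplied field, and applying the one cutoff date to every listed series is this example's assumption.

```python
from datetime import date, datetime

# Series named on the page. Assumption: each inventory record already carries
# its series label; mapping a full model number to a series is not covered here.
AFFECTED_SERIES = {
    "DH-H4C", "IPC-1XXX", "IPC-2XXX", "IPC-WX", "IPC-ECXX",
    "SD3A", "SD2A", "SD3D", "SDT2A", "SD2C",
}
# Builds older than this date are affected, builds after it are fixed (per the page).
CUTOFF = date(2025, 4, 16)
DATE_FORMATS = ("%Y/%m/%d", "%Y-%m-%d")  # both spellings appear on the page


def parse_build_date(text):
    """Return a date, or None when the field is empty or malformed."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).date()
        except (ValueError, AttributeError):
            continue
    return None


def triage(series, build_date):
    """Classify one camera record against the advisory."""
    if series.strip().upper() not in AFFECTED_SERIES:
        return "not-listed"
    built = parse_build_date(build_date)
    if built is None:
        return "unknown-build"   # treat as vulnerable until the date is confirmed
    if built < CUTOFF:
        return "vulnerable"
    if built == CUTOFF:
        return "verify"          # the page does not say which side this build falls on
    return "patched"


# Constructed inventory: (hostname, series label, firmware build date).
INVENTORY = [
    ("cam-lobby", "DH-H4C", "2024-01-23"),
    ("cam-dock", "IPC-2XXX", "2025/04/16"),
    ("cam-roof", "sd3a", "2025/06/02"),
    ("cam-gate", "IPC-WX", ""),
    ("cam-lab", "OTHER-1", "2023-05-01"),
]

if __name__ == "__main__":
    for host, series, built in INVENTORY:
        print(f"{host:10} {series:10} {triage(series, built)}")
```

Records that come back as `vulnerable`, `unknown-build` or `verify` are the ones to keep off the internet and on an isolated VLAN until the firmware is confirmed.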
