Bitdefender has identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. These vulnerabilities, affecting the device’s ONVIF protocol and file upload handlers, could allow unauthenticated attackers to remotely execute arbitrary commands, potentially taking full control of the device.
The vulnerabilities were verified on a Dahua Hero C1 (DH-H4C) smart camera running firmware version V2.810.9992002.0.R (Build Date: 2024-01-23). Other models affected include the IPC-1XXX Series, IPC-2XXX Series, IPC-WX Series, and several others, as confirmed during Dahua’s review. Firmware versions prior to April 16, 2025, are considered vulnerable.
The first vulnerability involves a stack-based buffer overflow (tracked as CVE-2025-31700) in the ONVIF protocol handler. When handling incoming requests, the camera incorrectly processes certain headers, allowing an attacker to overwrite memory and execute arbitrary code remotely. Exploiting this vulnerability does not require authentication and could lead to full device compromise.
The second vulnerability, CVE-2025-31701, involves an issue with the RPC upload handler. This flaw allows attackers to overwrite critical memory structures, potentially redirecting execution to malicious code. Like the first vulnerability, it is unauthenticated and could lead to remote code execution.
Both are unauthenticated and can be exploited over a local network or the internet, especially if the devices are exposed via port forwarding or UPnP. Successful exploitation could give attackers root-level access to the camera, allowing them to execute arbitrary commands and potentially install malicious payloads.
The vulnerabilities were reported to Dahua for mitigation and have since been patched the affected devices.
Users are strongly encouraged to update their devices as soon as possible to mitigate the risks associated with these flaws, along with other general recommendations including:
Update Firmware & Monitor Updates: Ensure camera is running the latest firmware (released after April 16th) to address these vulnerabilities. Also, regularly check for firmware updates and apply them promptly to ensure continued protection.
Limit Exposure & Isolate: Avoid exposing the camera’s web interface to the internet. Disable UPnP and remove any port forwarding rules. Network isolate by placing cameras on a separate network or VLAN to further minimize the impact of potential attacks.
For more information on these vulnerabilities, see the official Bitdefender security analysis report here.
Leave a Reply