Vulnerabilities Found in Dahua Hero C1 Smart Cameras
If you own a Dahua Hero C1 smart camera, it’s crucial to stay informed about recent security vulnerabilities that may put your devices at risk. Researchers from Bitdefender have identified two significant flaws that can allow hackers to take control of these cameras remotely.
Understanding the Vulnerabilities
The vulnerabilities are tracked as CVE-2025-31700 and CVE-2025-31701. When exploited together, they could lead to what’s known as remote code execution. This means that attackers could issue arbitrary commands to the device, effectively gaining full control.
CVE-2025-31700: Buffer Overflow Issue
The first vulnerability, CVE-2025-31700, is a stack-based buffer overflow within the ONVIF protocol handler. In simpler terms, it allows an attacker to write an arbitrary number of bytes to the system’s memory stack. This can overwrite various critical CPU registers, creating a pathway for further exploitation.
CVE-2025-31701: .bss Segment Overflow
The second vulnerability, CVE-2025-31701, is related to a .bss segment overflow through the RPC upload handler. This flaw permits attackers to overwrite nearby global variables, further compromising the device’s functionality. By crafting a specific memory structure, malicious actors can redirect the camera’s execution to run their own commands, which again results in remote code execution.
No Authentication Required
One of the most worrying aspects of these vulnerabilities is that no authentication is needed to exploit them. This significantly heightens the risk for users, particularly for those whose devices are exposed to the internet via port-forwarding or UPnP settings.
Dahua’s Response to the Security Flaws
Dahua is currently aware of these vulnerabilities and has been working in tandem with Bitdefender since March 2025 to address the issues. A patch was rolled out on July 7, and the vulnerabilities were publicly disclosed shortly thereafter on July 23.
Bitdefender expressed appreciation for Dahua’s proactive approach, stating, "Their prompt triage, prioritization, and resolution of the issues demonstrate a strong commitment to customer safety and product integrity." This collaboration is considered critical in the cybersecurity realm, serving as a model for how the industry should address vulnerabilities before they can be exploited.
What You Need to Do
If you own a Dahua Hero C1 camera or other affected models, it’s essential to ensure that your firmware is updated. The vulnerabilities affect devices with firmware versions older than April 16, 2025, including various IPC and SD series models. To safeguard against these risks, check your device settings and confirm that you’re running the latest firmware to protect your camera from potential exploitation.
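For anyone managing more than a handful of cameras, the firmware check above can be run over an inventory export. The following is an added example, not code from Dahua or Bitdefender: it flags devices whose firmware build date is earlier than the April 16, 2025 cutoff and puts internet-exposed ones first. The inventory layout, the hostnames, the `internet_exposed` field and the "Build Date: YYYY-MM-DD" version-string format are assumptions made for illustration.

```python
import re
from datetime import date

# Cutoff from the article: firmware older than April 16, 2025 is affected.
CUTOFF = date(2025, 4, 16)
# Assumed version-string layout: "..., Build Date: YYYY-MM-DD".
BUILD_RE = re.compile(r"Build Date:\s*(\d{4})-(\d{2})-(\d{2})", re.I)

# Constructed sample inventory (all values are made up for this example).
SAMPLE_INVENTORY = [
    {"host": "cam-lobby", "version": "V2.000.0.R, Build Date: 2024-11-02", "internet_exposed": True},
    {"host": "cam-dock", "version": "V2.000.1.R, Build Date: 2025-06-30", "internet_exposed": True},
    {"host": "cam-lab", "version": "V2.000.0.R, Build Date: 2025-04-15", "internet_exposed": False},
    {"host": "cam-roof", "version": "unknown", "internet_exposed": False},
]

def build_date(version):
    """Return the build date in a version string, or None if absent/invalid."""
    m = BUILD_RE.search(version or "")
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # e.g. month 13: treat as unknown rather than guess
        return None

def classify(device):
    """Return (status, priority); an unreadable build date is never 'ok'."""
    built = build_date(device.get("version"))
    if built is None:
        status = "unknown"
    elif built < CUTOFF:
        status = "needs-update"
    else:
        status = "ok"
    if status == "ok":
        return status, 3
    return status, 1 if device.get("internet_exposed") else 2

def triage(inventory):
    """Sort devices so exposed, unpatched or unverified ones come first."""
    rows = []
    for d in inventory:
        status, priority = classify(d)
        rows.append((priority, d["host"], status))
    return sorted(rows)

if __name__ == "__main__":
    for priority, host, status in triage(SAMPLE_INVENTORY):
        print(f"P{priority} {host}: {status}")
```

Devices reported as "unknown" should be checked by hand in the camera's own settings page rather than assumed safe.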
Conclusion
As smart home devices become increasingly common, the importance of cybersecurity cannot be overstated. By staying informed and ensuring that your devices are up-to-date, you can significantly reduce the risks associated with these vulnerabilities. With ongoing collaboration between researchers and manufacturers like Dahua, the goal is to enhance cybersecurity measures across the board, making the digital world a safer place for everyone.


