Tech »  Topic »  Critical Flaws Found in Dahua Cameras

Critical Flaws Found in Dahua Cameras

2 days, 10 hours ago   bankinfosecurity

Unauthenticated Bugs Allow Full Remote Code Execution Prajeet Nair (@prajeetspeaks) • July 30, 2025

A Dahua Hero C1 smart camera. (Image: Dahua)

Unauthenticated attackers could remotely hijack Dahua Hero C1 smart cameras by exploiting firmware vulnerabilities, Bitdefender warned in a coordinated disclosure published Wednesday.

See Also: Gartner Report | Magic Quadrant for SD-WAN

Bitdefender said one flaw resides in the how the firmware handles ONVIF protocol messages. The protocol once stood for "Open Network Video Interface Forum" and is an industry standard for transmitting commands between software and networked security products such as cameras. The other flaw is an undocumented file upload endpoint.

"Successful exploitation provides root-level access to the camera with no user interaction," Bitdefender said. "Because the exploit path bypasses firmware integrity checks, attackers can load unsigned payloads or persist via custom daemons, making cleanup difficult."

Dahua Technoloy released patches on July 7 and published and advisory on July 23 ...


Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE