CVE-2025-31703

🗓️ 18 Mar 2026 07:13:21Reported by dahuaType

CVE-2025-31703: Dahua NVR XVR allows physical access via serial port to a restricted shell and bypasses authentication to escalate privileges.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2025-31703	18 Mar 202607:13	–	attackerkb
CNNVD	Dahua NVR和Dahua XVR 安全漏洞	18 Mar 202600:00	–	cnnvd
Cvelist	CVE-2025-31703	18 Mar 202607:13	–	cvelist
EUVD	EUVD-2025-208815	18 Mar 202609:30	–	euvd
NVD	CVE-2025-31703	18 Mar 202608:16	–	nvd
Positive Technologies	PT-2026-26031	18 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-31703	26 Mar 202615:18	–	redhatcve
Vulnrichment	CVE-2025-31703	18 Mar 202607:13	–	vulnrichment

[
  {
    "vendor": "dahua",
    "product": "NVR2-4KS3",
    "versions": [
      {
        "status": "affected",
        "version": "Versions which Build time prior to 3rd March 2026"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "dahua",
    "product": "XVR4232AN-I/T",
    "versions": [
      {
        "status": "affected",
        "version": "Versions which Build time prior to 3rd March 2026"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "dahua",
    "product": "XVR1B16H-I/T",
    "versions": [
      {
        "status": "affected",
        "version": "Versions which Build time prior to 3rd March 2026"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
dahuasecurity	www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/security-advisory-%E2%80%93-vulnerability-found-in-dahua-nvr-xvr-device

18 Mar 2026 14:52Current

5.7Medium risk

Vulners AI Score5.7

CVSS 42.4

EPSS0.00014

SSVC

CWE-305