Dahua Security - Configuration File Disclosure

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and...

Dahua Smart Park Management - Arbitrary File Upload

Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePointaddImgIco?. id: CVE-2023-3836 info: name: Dahua Smart Park Management - Arbitrary File Upload...

Dahua IPC/VTH/VTO - Authentication Bypass

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. id: CVE-2021-33045 info: name: Dahua IPC/VTH/VTO - Authentication Bypass author: phantomowl severity:...

Dahua IPC/VTH/VTO - Authentication Bypass

Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. id: CVE-2021-33044 info: name: Dahua IPC/VTH/VTO - Authentication Bypass author: gy741 severity: critical description: Some...

Dahua Security Assessment Tool - Authentication, Scan, and Exposure Testing Script

This Python script is a security assessment tool designed to evaluate the exposure and potential vulnerabilities of Dahua-based devices commonly IP cameras and NVR systems. It combines multiple testing modules into one CLI utility...

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

EUVD-2025-208815

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

CVE-2025-31703

Dahua NVR/XVR devices are affected. A third‑party with physical access may access a restricted shell through the serial port and bypass shell authentication to escalate privileges. The CVSS assessment indicates low impact across confidentiality and integrity, no impact on availability. The provid...

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

Dahua NVR和Dahua XVR 安全漏洞

Dahua NVR and Dahua XVR are both products of Dahua, a Chinese company. Dahua NVR is a series of network video recorders. Dahua XVR is a series of devices capable of recording and displaying high-definition and IP cameras. Both Dahua NVR and Dahua XVR have security vulnerabilities; these...

PT-2026-26031

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware

Dahua IP Camera CVE Exploit Tools ⚠️ UNDER DEVELOPMENT...

Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware

CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit...

CVE-2021-33044

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets...

CVE-2021-33046

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords...

📄 Dahua TPC-AEBF5201 P2P Camera ToolsComplete Security Analysis Suite

This PHP proof-of-concept provides defensive tooling to analyze DH-P2P / Easy4IP behaviors observed during DFIR activities. It includes routines to decrypt Account1SecEData, derive device-specific cryptographic keys, and reproduce authentication code generation logic. The project is intended to...

CVE-2025-31702

A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may...

CVE-2025-31702

A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may...