Description
A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern.
References (1)
Core 1
Core References
Various Sources
https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775
Scores
CVSS v3
8.1
EPSS
0.0028
EPSS Percentile
51.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (2)
Dahua/IPC
Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, a
Dahua/SD
Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limi
Published
Jul 23, 2025
Tracked Since
Feb 18, 2026