CVE-2025-31702

MEDIUM

Dahua embedded products - Privilege Escalation

Title source: llm

Description

A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected.

Exploits (1)

nomisec WORKING POC 3 stars

by itres-labs · poc

https://github.com/itres-labs/CVE-2025-31702

View Code ZIP pw:eip

References (1)

[Various Sources] https://www.dahuasecurity.com/aboutUs/trustedCenter/details/777

Scores

CVSS v3 6.8

EPSS 0.0003

EPSS Percentile 10.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-732

Status published

Products (2)

Dahua/IPC Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, a

Dahua/SD Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limi

Published Oct 15, 2025

Tracked Since Feb 18, 2026