Dahua surveillance cameras: check the updates of these models to avoid hacking

Two high severity safety flaws were identified in the firmware of the Dahua. Moreover, Hero C1 cameras (DH-H4C reference) by the Bitdefender research team. Nevertheless, These vulnerabilities. Moreover, affecting the ONVIF protocol and a remote control manager, allow an non -authenticated attacker to execute arbitrary orders on the aircraft. Nevertheless, In case of success, the attack gives full access to the system, including as a superutizer (Root).

Affected devices. measures to take – Dahua surveillance cameras: check updates

The faults were confirmed on a Dahua Hero C1 model (DH-H4C) performing the firmware V2.810.9992002.0.R, compiled January 23, 2024, with ONVIF version 21.06 and a web interface V3.2.1.1452137.

But the magnitude exceeds this single model. Dahua admitted that the faults also affected several other series, when they dahua surveillance cameras: check updates use firmware prior to April 16, 2025. The following ranges are concerned:

• IPC-1XXX
• IPC-2XXX
• IPC-WX
• IPC-ECXX
• SD3A. SD2A, SD3D, SDT2A, SD2C

Users are invited to check the version of their firmware, apply the available fixes, and strengthen the security of their network. It is therefore important to check the version of the firmware of the devices listed above. to apply the updates available thanks to the Dahua administration interface.

The disclosure had been carried out responsible for Bitdefender who had contacted Dahua at the end of March 2025. The manufacturer subsequently published fixes in early July, before the public disclosure which was carried out in late July. Bitdefender greets the collaboration and responsiveness of Dahua in passing.