CVE-2025-31701
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-25
Assigner: Dahua Technologies
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dahua | sd3a | * |
| dahua | ipc-wx | * |
| dahua | ipc-2xxx | * |
| dahua | tpc-aebf5201 | * |
| dahua | ipc-1xxx | * |
| dahua | tpc-ca | * |
| dahua | sd2a | * |
| dahua | sd3d | * |
| dahua | sd2c | * |
| dahua | ipc-ecxx | * |
| dahua | sdt2a | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in Dahua products that can be exploited by attackers sending specially crafted malicious packets. Exploiting this flaw may cause the device to crash or allow remote code execution (RCE), meaning attackers could run arbitrary code on the affected device. Some devices have protections like Address Space Layout Randomization (ASLR) which make RCE less likely, but denial-of-service (DoS) attacks are still possible.
How can this vulnerability impact me? :
The vulnerability can lead to service disruption through crashes or denial-of-service attacks. In the worst case, attackers could execute arbitrary code remotely on the affected device, potentially taking control of it. This could compromise the security and availability of the device and any systems relying on it.