Executive Summary

This vulnerability affects certain Dahua embedded products and allows a third-party attacker who has obtained normal user credentials to exploit a flaw via specific HTTP requests. This exploitation enables access to data normally restricted to admin privileges, such as system-sensitive files. It can also lead to tampering with the admin password, resulting in privilege escalation. Systems configured with only an admin account are not affected. [1]

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability can allow an attacker with normal user credentials to access sensitive admin-level data and potentially change the admin password. This leads to privilege escalation, giving the attacker higher-level access and control over the system, which can compromise system integrity and security. [1]

Useful 0 Not Useful 0

Detection Guidance

Detection involves verifying if the Dahua product is running a vulnerable version built before July 1, 2025. This can be done by accessing the product's web interface and navigating to Settings → System Information → Version Information to check the build time. Additionally, monitoring for specific HTTP requests that attempt to access admin-restricted data using normal user credentials may indicate exploitation attempts. However, no specific detection commands are provided in the available resources. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include verifying the product's build time and upgrading to fixed software versions provided by Dahua. If the product supports cloud upgrades, apply the patch via cloud upgrade. Otherwise, download the fixed version manually from Dahua's official website or contact local technical support. Additionally, consider limiting user accounts to avoid having only normal user credentials that could be exploited, and monitor for suspicious HTTP requests. [1]

Useful 0 Not Useful 0