← voltar
CVE-2025-31703

CVE-2025-31703

CVSS 2.4 LOWEPSS 0.2%CWE-305
A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges.
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
dahua · NVR2-4KS3dahua · XVR1B16H-I/Tdahua · XVR4232AN-I/T

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/security-advisory-%E2%80%93-vulnerability-found-in-dahua-nvr-xvr-device