A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 15 Oct 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 15 Oct 2025 06:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected. | |
Weaknesses | CWE-732 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: dahua
Published:
Updated: 2025-10-15T13:25:09.791Z
Reserved: 2025-04-01T05:57:11.782Z
Link: CVE-2025-31702

Updated: 2025-10-15T13:24:16.790Z

Status : Received
Published: 2025-10-15T06:15:42.907
Modified: 2025-10-15T06:15:42.907
Link: CVE-2025-31702

No data.

No data.