VYPR
Vendor: Dahua

Products: 36
CVEs: 63
Across products: 75
Status: Private

Recent CVEs

  • CVE-2021-33045 | Critical | KEV | Sep 15, 2021
    risk 0.84 | cvss 9.8 | epss 1.00

    An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

  • CVE-2021-33044 | Critical | KEV | Sep 15, 2021
    risk 0.84 | cvss 9.8 | epss 1.00

    An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

  • CVE-2013-2568 | Critical | Jan 29, 2020
    risk 0.71 | cvss 9.8 | epss 0.49

    A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.

  • CVE-2013-1599 | Critical | Jan 28, 2020
    risk 0.70 | cvss 9.8 | epss 0.40

    A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L…

  • CVE-2013-2570 | Critical | Jan 29, 2020
    risk 0.69 | cvss 9.8 | epss 0.27

    A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remote malicious user execute arbitrary code.

  • CVE-2024-13985 | Critical | Aug 27, 2025
    risk 0.65 | cvss (none given) | epss 0.08

    A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is…

  • CVE-2023-7309 | Critical | Aug 27, 2025
    risk 0.65 | cvss (none given) | epss 0.01

    A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to…

  • CVE-2024-35343 | Critical | May 28, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Certain Anpviz products allow unauthenticated users to download arbitrary files from the device's filesystem via a HTTP GET request to the /playback/ URI. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280,…

  • CVE-2021-33046 | Critical | Jan 13, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    Some Dahua products have an access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

  • CVE-2020-9502 | Critical | May 13, 2020
    risk 0.64 | cvss 9.8 | epss 0.02

    Some Dahua products with Build time before December 2019 have a predictable Session ID vulnerability. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

  • CVE-2019-9677 | Critical | Sep 18, 2019
    risk 0.64 | cvss 9.8 | epss 0.01

    Specific fields of the CGI interface of some Dahua products are not strictly verified; an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HD…

  • CVE-2017-3223 | Critical | Jul 24, 2018
    risk 0.64 | cvss 9.8 | epss 0.05

    Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the…

  • CVE-2026-29116 | High | Jun 10, 2026
    risk 0.57 | cvss (none given) | epss 0.00

    A vulnerability has been found in some Dahua products that could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.

  • CVE-2025-34059 | High | Jul 1, 2025
    risk 0.57 | cvss (none given) | epss 0.00

    An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize user input, allowing unauthenticated attackers to inject…

  • CVE-2019-9679 | High | Sep 18, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for…

  • CVE-2013-2569 | High | Jan 29, 2020
    risk 0.54 | cvss 7.5 | epss 0.31

    A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.

  • CVE-2019-3948 | High | Jul 29, 2019
    risk 0.54 | cvss 7.5 | epss 0.27

    The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX V2.623.0000000.1.R, Dahua DH-SD6XXXXX…

  • CVE-2019-9682 | High | May 13, 2020
    risk 0.53 | cvss 8.1 | epss 0.01

    Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login…

  • CVE-2013-2567 | High | Jan 29, 2020
    risk 0.53 | cvss 7.5 | epss 0.15

    An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.

  • CVE-2013-4985 | High | Dec 27, 2019
    risk 0.52 | cvss 7.5 | epss 0.09

    Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
