Severity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges.
AnalysisAI
This vulnerability in Dahua NVR/XVR devices allows unauthenticated privilege escalation through the serial port console by bypassing shell authentication mechanisms. Affected devices include Dahua NVR2-4KS3, XVR4232AN-I/T, and XVR1B16H-I/T models with build dates prior to March 3, 2026. An attacker with physical access to the device can gain a restricted shell and escalate privileges to access sensitive system functions, though the CVSS 2.4 score reflects the requirement for physical proximity and lack of data availability impact.
Technical ContextAI
The vulnerability exists in Dahua's NVR/XVR device firmware's serial console implementation, which fails to properly enforce authentication controls. The root cause aligns with CWE-305 (Missing Cryptographic Steps), indicating that the authentication bypass mechanism lacks proper cryptographic or verification safeguards on the serial interface. The affected products (cpe:2.3:a:dahua:nvr2-4ks3, cpe:2.3:a:dahua:xvr4232an-i/t, cpe:2.3:a:dahua:xvr1b16h-i/t) are enterprise-grade video surveillance devices that typically expose a serial debug port for maintenance and diagnostics. This serial interface is intended to be protected but lacks adequate authentication enforcement, allowing an attacker to interact with restricted shell commands without proper credential validation.
RemediationAI
Dahua has released firmware patches addressing this vulnerability; devices should be updated to firmware builds dated March 3, 2026 or later. Organizations should prioritize patching for NVR2-4KS3, XVR4232AN-I/T, and XVR1B16H-I/T units according to Dahua's official release schedule available on their PSIRT page. Until patches can be deployed, implement compensating controls by restricting physical access to serial ports on affected devices (use cable locks or restricted server room access), disable serial console ports if not operationally required, and ensure devices are housed in physically secure locations with access logs. Consider reviewing physical security policies for surveillance infrastructure deployments to minimize unauthorized access risk. Refer to the official Dahua security advisory for device-specific patching procedures and to VulDB (https://vuldb.com/?id.351509) for additional technical details on the vulnerability.
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to o
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. Rated critical severity
The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s
The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerabi
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0
Same weakness CWE-305 – Authentication Bypass by Primary Weakness
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208815