Vulnerabilities Identified in Dahua Hero C1 Smart Cameras

Bitdefender disclosed two critical unauthenticated RCE vulnerabilities (CVE-2025-31700 and CVE-2025-31701) in Dahua Hero C1 and related IPC models that permit root access and persistent, unsigned payloads via crafted ONVIF Host headers and RPC upload handlers; researcher PoCs demonstrate ELF payload delivery and bind shells, and Dahua published fixes in July 2025—users should patch affected firmware, avoid exposing cameras to the internet, disable UPnP, and isolate devices on a separate network.