{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31703", "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "state": "PUBLISHED", "assignerShortName": "dahua", "dateReserved": "2025-04-01T05:57:11.783Z", "datePublished": "2026-03-18T07:13:21.911Z", "dateUpdated": "2026-03-18T14:09:28.123Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "shortName": "dahua", "dateUpdated": "2026-03-18T07:13:21.911Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-305", "description": "CWE-305 Authentication bypass by primary weakness", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "affected": [{"vendor": "dahua", "product": "NVR2-4KS3", "versions": [{"status": "affected", "version": "Versions which Build time prior to 3rd March 2026"}], "defaultStatus": "unaffected"}, {"vendor": "dahua", "product": "XVR4232AN-I/T", "versions": [{"status": "affected", "version": "Versions which Build time prior to 3rd March 2026"}], "defaultStatus": "unaffected"}, {"vendor": "dahua", "product": "XVR1B16H-I/T", "versions": [{"status": "affected", "version": "Versions which Build time prior to 3rd March 2026"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges."}]}], "references": [{"url": "https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/security-advisory-%E2%80%93-vulnerability-found-in-dahua-nvr-xvr-device"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "PHYSICAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "LOW", "baseScore": 2.4, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:09:19.621439Z", "id": "CVE-2025-31703", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:09:28.123Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31703", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T14:09:19.621439Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:09:24.012Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.4, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "dahua", "product": "NVR2-4KS3", "versions": [{"status": "affected", "version": "Versions which Build time prior to 3rd March 2026"}], "defaultStatus": "unaffected"}, {"vendor": "dahua", "product": "XVR4232AN-I/T", "versions": [{"status": "affected", "version": "Versions which Build time prior to 3rd March 2026"}], "defaultStatus": "unaffected"}, {"vendor": "dahua", "product": "XVR1B16H-I/T", "versions": [{"status": "affected", "version": "Versions which Build time prior to 3rd March 2026"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/security-advisory-%E2%80%93-vulnerability-found-in-dahua-nvr-xvr-device"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-305", "description": "CWE-305 Authentication bypass by primary weakness"}]}], "providerMetadata": {"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "shortName": "dahua", "dateUpdated": "2026-03-18T07:13:21.911Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31703", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:09:28.123Z", "dateReserved": "2025-04-01T05:57:11.783Z", "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "datePublished": "2026-03-18T07:13:21.911Z", "assignerShortName": "dahua"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges."}], "id": "CVE-2025-31703", "lastModified": "2026-03-18T14:52:44.227", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cybersecurity@dahuatech.com", "type": "Secondary"}]}, "published": "2026-03-18T08:16:26.810", "references": [{"source": "cybersecurity@dahuatech.com", "url": "https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/security-advisory-%E2%80%93-vulnerability-found-in-dahua-nvr-xvr-device"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-305"}], "source": "cybersecurity@dahuatech.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026-03-03)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "nvr2-4ks3", "vendor": "dahua"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026-03-03)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "XVR1B16H-I/T", "source": "cna", "vendor": "dahua"}, "product": "xvr1b16h-i/t", "vendor": "dahua"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2026-03-03)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "XVR4232AN-I/T", "source": "cna", "vendor": "dahua"}, "product": "xvr4232an-i/t", "vendor": "dahua"}], "analysis": {"en": {"generated_at": "2026-03-18T08:22:11.154527+00:00", "value": {"mitigation_remediation": ["Check Dahua\u2019s product security advisory page for a firmware update that addresses the serial\u2011port restricted shell vulnerability.", "If an update is available, download and apply it to the affected NVR and XVR models as soon as possible.", "If no patch is available, limit physical access to the device\u2019s serial port by covering the port, disabling it in the firmware settings, or positioning the unit in a secure environment.", "Monitor system logs for unexpected shell login activity and review access controls regularly."], "summary": {"action": "Assess Impact", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Dahua NVR2\u20114KS3, Dahua XVR1B16H\u2011I/T, and Dahua XVR4232AN\u2011I/T models. No specific firmware or hardware version ranges are provided in the CNA data.", "description_and_impact": "A misuse of a restricted shell accessed through a serial port allows a third\u2011party malicious attacker who has physical access to a Dahua NVR or XVR device to bypass authentication and gain elevated privileges. This improper restriction is classified as CWE\u2011305 and can lead to unauthorized control or modification of the device\u2019s configuration and operation.", "risk_and_exploitability": "The CVSS score of 2.4 indicates a low severity, and the EPSS score is not available, with no listing in CISA\u2019s KEV catalog. The requirement of physical access to the serial port makes exploitation less likely in general environments, but once an attacker is in proximity, the lack of authentication enables immediate privilege escalation. The combination of low CVSS and physical access requirement results in a moderate overall risk that warrants inventorying exposed serial ports and applying vendor patches when available."}}}}, "created": "2026-03-18T10:41:44.636096+00:00", "title": "Privilege Escalation via Serial Port Restricted Shell in Dahua NVR/XVR Devices", "updated": "2026-03-24T10:59:13.714847+00:00", "vendors": ["dahua", "dahua$PRODUCT$nvr2-4ks3", "dahua$PRODUCT$xvr1b16h-i/t", "dahua$PRODUCT$xvr4232an-i/t"]}