Vulnerability in Dahua Nvr2-4ks3

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate pri…

EPSS: 0.000 (2.8th percentile) — read the EPSS interpretation.

Affected products

Dahua Nvr2-4ks3 — versions Versions which Build time prior to 3rd March 2026
Dahua Xvr1b16h-i/t — versions Versions which Build time prior to 3rd March 2026
Dahua Xvr4232an-i/t — versions Versions which Build time prior to 3rd March 2026

Weakness classification (CWE)

CWE-305 — Authentication Bypass by Primary Weakness

References

www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/security-advisory-–-…