BDU:2025-13765 | Уязвимость микропрограммного обеспечения IP-камер

📄 Описание

Уязвимость микропрограммного обеспечения IP-камер Dahua связана с неправильным присвоением разрешений для критичного ресурса. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации с помощью специального HTTP-запроса

🖥️ Уязвимое ПО

Dahua Technology Co., Ltd.

Наименование ПО: DH-IPC-HFW1230S1-A-S5, DH-IPC-HDW1230T1-A-S5, DH-IPC-HFW1239S1-A-LED-S5, DH-IPC-HDW1239T1-A-LED-S5, DH-IPC-HFW1230S-A-S5, DH-IPC-HFW1239S1-LED-S5, DH-IPC-HDW1230T-A-S5, DH-IPC-HFW1230TL2-S5, DH-IPC-HDW1230T2-S5, DH-IPC-HFW1439TL1-PV, DH-IPC-HFW1430S1-S5, DH-IPC-HDW1430T1-A-S5, DH-IPC-HDW1430T1-S5, DH-IPC-HFW1430S-S5, DH-IPC-HFW1430S-A-S5, DH-IPC-HDPW1430R1-S5, DH-IPC-HDW1430T-A-S5, DH-IPC-HDW1430T-S5, DH-IPC-HDBW1430E-S5, DH-IPC-HDBW1830E-S6, DH-IPC-HFW1830S-S6, DH-IPC-HDW1830T-S6, DH-IPC-HFW1431S1-A-S4, DH-IPC-HDW1431T1-A-S4, DH-IPC-HFW1431M-A-I1-B-S4, DH-IPC-HFW1431M-A-I2-B-S4, DH-IPC-HDBW1530E-S6, DH-IPC-HFW1530S-S6, DH-IPC-HDW1530T-S6, DH-IPC-HDBW1230E-S5, DH-IPC-HDPW1230R1-S5, DH-IPC-HFW1230S1-S5, DH-IPC-HFW1230M-A-I1-B-S5, DH-IPC-HFW1230M-A-I2-B-S5, DH-IPC-HFW1230DS1-S5, DH-IPC-HDW1230T1-S5, DH-IPC-HDW1230S-S5, DH-IPC-HFW1230S-S5, DH-IPC-HFW1239S-A-LED-S5, DH-IPC-HFW1239V-A-LED-B, DH-IPC-HDPW1230R1-ZS-S5, DH-IPC-HDW1330T1-S5, DH-IPC-HDW1230T1-ZS-S5, DH-IPC-HFW1330S1-S5, DH-IPC-HFW1230T1-ZS-S5, DH-IPC-HDBW1230R-ZS-S5, DH-IPC-HDW1330S-S5, DH-IPC-HDW1230T-ZS-S5, DH-IPC-HFW1330S-S5, DH-IPC-HFW1230T-ZS-S5, DH-IPC-HFW1439S-A-LED-S4, DH-IPC-HDW1239T-A-LED-S5, DH-IPC-HDW1439T-A-LED-S4, DH-IPC-HFW2249S-S-IL, DH-IPC-HFW2449S-S-IL, DH-IPC-HDW2249T-S-IL, DH-IPC-HDW2449T-S-IL, DH-IPC-HFW2241S-S, DH-IPC-HFW2441S-S, DH-IPC-HDW2241T-S, DH-IPC-HDW2441T-S, DH-IPC-HDW2241TM-S, DH-IPC-HDW2441TM-S, DH-IPC-HDBW2241R-ZAS, DH-IPC-HDBW2241R-ZS, DH-IPC-HDBW2441R-ZAS, DH-IPC-HDBW2441R-ZS, DH-IPC-HDW2241T-ZS, DH-IPC-HDW2441T-ZS, DH-IPC-HDBW2241E-S, DH-IPC-HDBW2441E-S, DH-IPC-HFW2241T-AS, DH-IPC-HFW2241T-ZAS, DH-IPC-HFW2241T-ZS, DH-IPC-HFW2441T-ZAS, DH-IPC-HFW2441T-ZS, DH-IPC-HDW2249TM-S-IL, DH-IPC-HDW2449TM-S-IL, DH-IPC-HFW2249T-AS-IL, DH-IPC-HFW2449T-AS-IL, DH-IPC-HFW1230DT-STW, DH-IPC-HFW1430DT-STW, DH-IPC-HDW1230DT-STW, DH-IPC-HDW1430DT-STW, DH-IPC-HFW1230DS-SAW, DH-IPC-HFW1430DS-SAW, DH-IPC-HDBW1230DE-SW, DH-IPC-HDBW1430DE-SW, DH-IPC-HFW1230DS1-SAW, DH-IPC-HFW1430DS1-SAW, DH-IPC-HDW1230DT-SAW, DH-IPC-HDW1430DT-SAW, DH-H2C, DH-H4C, DH-F2C-PV, DH-F2C-LED, DH-T2A-LED, DH-T2A-PV, DH-T4A-PV, DH-T4A-LED, DH-F4C-PV, DH-F4C-LED, DH-P5AE-PV, DH-P3D-3F-PV-4G, DH-P3AE-PV-4G, DH-P5AE-PV-4G, DH-P3AE-PV, DH-SD2A200-GN-A-PV, DH-SD2A500-GN-A-PV, DH-SD3A200-GN-A-PV, DH-SD3A400-GN-A-PV, DH-SD2A200-GN-AW-PV, DH-SD2A500-GN-AW-PV, DH-SD3A405-GN-PV1, DH-SD2A500HB-GN-AW-PV-S2, DH-SD2A200HB-GN-AW-PV-S2, DH-SD2A500HB-GN-A-PV-S2, DH-SD2A200HB-GN-A-PV-S2, DH-SD3D216NB-GNY, DH-SD2C405NB-GNY-A-PV-S2, DH-SD2A300NB-GNY-A-PV, DH-SD2A500NB-GNY-A-PV, DH-SD3D416NB-GNY, DH-SDT2A200-2F-NB-A-PV, DH-ECA2A1400-HN, DH-IPC-HFW1430S1-A-S5, DH-IPC-HFW1339DTK2-SAW-IL, DH-IPC-HFW1539DTK2-SAW-IL, DH-IPC-HFW1339DTK2-SW-PV, DH-IPC-HFW1539DTK2-SW-PV, DH-IPC-HFW1339DTK1-SW-PV, DH-IPC-HFW1539DTK1-SW-PV, DH-IPC-HFW1339DTK1-SAW-IL, DH-IPC-HFW1539DTK1-SAW-IL, DH-IPC-HDW1539DA-SW-PV, DH-IPC-HDW1339DA-SW-PV, DH-IPC-HDW1539DA-SAW-IL, DH-IPC-HDW1339DA-SAW-IL, DH-C5A, DH-P3B-PV, DH-P5B-PV, DH-H3AE, DH-H5AE, DH-H3A, DH-H5A, DH-C4K-P, DH-C2K-P, DH-T5A-IL, DH-T3A-IL, DH-T5A-PV, DH-T3A-PV, DH-F3D-PV, DH-F5D-PV, DH-H3B, DH-H5B, DH-C3A, DHI-TPC-AEBF5201-T, DH-TPC-AEBF5201, TPC-CA540N-BJ, TPC-CA540N-BM, TPC-CA540N-MN, TPC-CA560N-BJ, TPC-CA560N-BM, TPC-CA560N-MN, TPC-CA441N-7, TPC-CA441N-13, TPC-CA441N-25, TPC-CA441N-M25, TPC-CA461N-7, TPC-CA461N-13, TPC-CA461N-25, TPC-CA461N-M25

Версия ПО: - (DH-IPC-HFW1230S1-A-S5), - (DH-IPC-HDW1230T1-A-S5), - (DH-IPC-HFW1239S1-A-LED-S5), - (DH-IPC-HDW1239T1-A-LED-S5), - (DH-IPC-HFW1230S-A-S5), - (DH-IPC-HFW1239S1-LED-S5), - (DH-IPC-HDW1230T-A-S5), - (DH-IPC-HFW1230TL2-S5), - (DH-IPC-HDW1230T2-S5), - (DH-IPC-HFW1439TL1-PV), - (DH-IPC-HFW1430S1-S5), - (DH-IPC-HDW1430T1-A-S5), - (DH-IPC-HDW1430T1-S5), - (DH-IPC-HFW1430S-S5), - (DH-IPC-HFW1430S-A-S5), - (DH-IPC-HDPW1430R1-S5), - (DH-IPC-HDW1430T-A-S5), - (DH-IPC-HDW1430T-S5), - (DH-IPC-HDBW1430E-S5), - (DH-IPC-HDBW1830E-S6), - (DH-IPC-HFW1830S-S6), - (DH-IPC-HDW1830T-S6), - (DH-IPC-HFW1431S1-A-S4), - (DH-IPC-HDW1431T1-A-S4), - (DH-IPC-HFW1431M-A-I1-B-S4), - (DH-IPC-HFW1431M-A-I2-B-S4), - (DH-IPC-HDBW1530E-S6), - (DH-IPC-HFW1530S-S6), - (DH-IPC-HDW1530T-S6), - (DH-IPC-HDBW1230E-S5), - (DH-IPC-HDPW1230R1-S5), - (DH-IPC-HFW1230S1-S5), - (DH-IPC-HFW1230M-A-I1-B-S5), - (DH-IPC-HFW1230M-A-I2-B-S5), - (DH-IPC-HFW1230DS1-S5), - (DH-IPC-HDW1230T1-S5), - (DH-IPC-HDW1230S-S5), - (DH-IPC-HFW1230S-S5), - (DH-IPC-HFW1239S-A-LED-S5), - (DH-IPC-HFW1239V-A-LED-B), - (DH-IPC-HDPW1230R1-ZS-S5), - (DH-IPC-HDW1330T1-S5), - (DH-IPC-HDW1230T1-ZS-S5), - (DH-IPC-HFW1330S1-S5), - (DH-IPC-HFW1230T1-ZS-S5), - (DH-IPC-HDBW1230R-ZS-S5), - (DH-IPC-HDW1330S-S5), - (DH-IPC-HDW1230T-ZS-S5), - (DH-IPC-HFW1330S-S5), - (DH-IPC-HFW1230T-ZS-S5), - (DH-IPC-HFW1439S-A-LED-S4), - (DH-IPC-HDW1239T-A-LED-S5), - (DH-IPC-HDW1439T-A-LED-S4), - (DH-IPC-HFW2249S-S-IL), - (DH-IPC-HFW2449S-S-IL), - (DH-IPC-HDW2249T-S-IL), - (DH-IPC-HDW2449T-S-IL), - (DH-IPC-HFW2241S-S), - (DH-IPC-HFW2441S-S), - (DH-IPC-HDW2241T-S), - (DH-IPC-HDW2441T-S), - (DH-IPC-HDW2241TM-S), - (DH-IPC-HDW2441TM-S), - (DH-IPC-HDBW2241R-ZAS), - (DH-IPC-HDBW2241R-ZS), - (DH-IPC-HDBW2441R-ZAS), - (DH-IPC-HDBW2441R-ZS), - (DH-IPC-HDW2241T-ZS), - (DH-IPC-HDW2441T-ZS), - (DH-IPC-HDBW2241E-S), - (DH-IPC-HDBW2441E-S), - (DH-IPC-HFW2241T-AS), - (DH-IPC-HFW2241T-ZAS), - (DH-IPC-HFW2241T-ZS), - (DH-IPC-HFW2441T-ZAS), - (DH-IPC-HFW2441T-ZS), - (DH-IPC-HDW2249TM-S-IL), - (DH-IPC-HDW2449TM-S-IL), - (DH-IPC-HFW2249T-AS-IL), - (DH-IPC-HFW2449T-AS-IL), - (DH-IPC-HFW1230DT-STW), - (DH-IPC-HFW1430DT-STW), - (DH-IPC-HDW1230DT-STW), - (DH-IPC-HDW1430DT-STW), - (DH-IPC-HFW1230DS-SAW), - (DH-IPC-HFW1430DS-SAW), - (DH-IPC-HDBW1230DE-SW), - (DH-IPC-HDBW1430DE-SW), - (DH-IPC-HFW1230DS1-SAW), - (DH-IPC-HFW1430DS1-SAW), - (DH-IPC-HDW1230DT-SAW), - (DH-IPC-HDW1430DT-SAW), - (DH-H2C), - (DH-H4C), - (DH-F2C-PV), - (DH-F2C-LED), - (DH-T2A-LED), - (DH-T2A-PV), - (DH-T4A-PV), - (DH-T4A-LED), - (DH-F4C-PV), - (DH-F4C-LED), - (DH-P5AE-PV), - (DH-P3D-3F-PV-4G), - (DH-P3AE-PV-4G), - (DH-P5AE-PV-4G), - (DH-P3AE-PV), - (DH-SD2A200-GN-A-PV), - (DH-SD2A500-GN-A-PV), - (DH-SD3A200-GN-A-PV), - (DH-SD3A400-GN-A-PV), - (DH-SD2A200-GN-AW-PV), - (DH-SD2A500-GN-AW-PV), - (DH-SD3A405-GN-PV1), - (DH-SD2A500HB-GN-AW-PV-S2), - (DH-SD2A200HB-GN-AW-PV-S2), - (DH-SD2A500HB-GN-A-PV-S2), - (DH-SD2A200HB-GN-A-PV-S2), - (DH-SD3D216NB-GNY), - (DH-SD2C405NB-GNY-A-PV-S2), - (DH-SD2A300NB-GNY-A-PV), - (DH-SD2A500NB-GNY-A-PV), - (DH-SD3D416NB-GNY), - (DH-SDT2A200-2F-NB-A-PV), - (DH-ECA2A1400-HN), - (DH-IPC-HFW1430S1-A-S5), - (DH-IPC-HFW1339DTK2-SAW-IL), - (DH-IPC-HFW1539DTK2-SAW-IL), - (DH-IPC-HFW1339DTK2-SW-PV), - (DH-IPC-HFW1539DTK2-SW-PV), - (DH-IPC-HFW1339DTK1-SW-PV), - (DH-IPC-HFW1539DTK1-SW-PV), - (DH-IPC-HFW1339DTK1-SAW-IL), - (DH-IPC-HFW1539DTK1-SAW-IL), - (DH-IPC-HDW1539DA-SW-PV), - (DH-IPC-HDW1339DA-SW-PV), - (DH-IPC-HDW1539DA-SAW-IL), - (DH-IPC-HDW1339DA-SAW-IL), - (DH-C5A), - (DH-P3B-PV), - (DH-P5B-PV), - (DH-H3AE), - (DH-H5AE), - (DH-H3A), - (DH-H5A), - (DH-C4K-P), - (DH-C2K-P), - (DH-T5A-IL), - (DH-T3A-IL), - (DH-T5A-PV), - (DH-T3A-PV), - (DH-F3D-PV), - (DH-F5D-PV), - (DH-H3B), - (DH-H5B), - (DH-C3A), - (DHI-TPC-AEBF5201-T), - (DH-TPC-AEBF5201), - (TPC-CA540N-BJ), - (TPC-CA540N-BM), - (TPC-CA540N-MN), - (TPC-CA560N-BJ), - (TPC-CA560N-BM), - (TPC-CA560N-MN), - (TPC-CA441N-7), - (TPC-CA441N-13), - (TPC-CA441N-25), - (TPC-CA441N-M25), - (TPC-CA461N-7), - (TPC-CA461N-13), - (TPC-CA461N-25), - (TPC-CA461N-M25)

Тип ПО: Сетевое средство, ПО сетевого программно-аппаратного средства

ОС / платформа: —

⚙️ Технические сведения

Тип ошибки

Неправильное присвоение разрешений для критичного ресурса (CWE-732)

Класс уязвимости

Уязвимость архитектуры

Дата выявления

15.10.2025

Способ эксплуатации

Манипулирование ресурсами

Способ устранения

Обновление программного обеспечения

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Существует в открытом доступе

Устранение

Уязвимость устранена

📊 CVSS

CVSS 2.0

AV:N/AC:H/Au:S/C:C/I:C/A:N

CVSS 3.0

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

⚠️ Уровень опасности

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,6)
Средний уровень опасности (базовая оценка CVSS 3.1 составляет 6,8)

🔗 Источники и меры

🔗 https://www.dahuasecurity.com/aboutUs/trustedCente... 🔗 https://github.com/purpleghosts/CVE-2025-31702 🔗 https://labs.itresit.es/2025/10/15/dahua-cve-2025-...

🏷️ Идентификаторы

CVE-2025-31702

📅 Даты

Дата публикации

06.11.2025

Последнее обновление

06.11.2025

Детали уязвимости