Privilege Escalation Vulnerability in Dahua NVR/XVR Devices
CVE-2025-31703

2.4LOW

Key Information:

Vendor: Dahua
Status: Nvr2-4ks3; Xvr4232an-i/t; Xvr1b16h-i/t
Vendor: CVE Published:; 18 March 2026

What is CVE-2025-31703?

A vulnerability exists in Dahua NVR/XVR devices that allows a malicious third party with physical access to exploit the serial port. This security flaw enables unauthorized users to access a restricted shell and bypass the authentication mechanisms in place, potentially granting them elevated privileges and access to sensitive functionalities within the device.

Affected Version(s)

NVR2-4KS3 Versions which Build time prior to 3rd March 2026

XVR1B16H-I/T Versions which Build time prior to 3rd March 2026

XVR4232AN-I/T Versions which Build time prior to 3rd March 2026

References

https://www.dahuasecurity.com/about-dahua/trust-center/da...

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2026
Vulnerability Reserved
Apr 1, 2025

CVE-2025-31703 Data

JSON