Primary

Context

Dahua NVR/XVR Privilege Escalation Vulnerability via Serial Port

Vulnerability

A vulnerability exists in Dahua NVR and XVR devices, allowing a third-party attacker with physical access to the device to access a restricted shell through the serial port. This access bypasses the shell's authentication, enabling privilege escalation.

Impact

Exploitation of this vulnerability allows unauthorized access to a restricted shell, with the potential to escalate privileges on the device.

Remediation

Users are advised to upgrade to the latest software version available on the Dahua Official website or through local technical support. For products with cloud upgrade capabilities, the patched version can be obtained via cloud upgrade.

Added: Mar 18, 2026, 8:49 AM

Updated: Mar 18, 2026, 8:49 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

1.9

remediation

0.0

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

1.9

remediation

0.0

relevance

4.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dahua NVR/XVR Privilege Escalation Vulnerability via Serial Port

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating