Home

Description

A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files to the server via crafted SOAP requests, including executable JSP payloads. Successful exploitation may lead to remote code execution (RCE) and full compromise of the affected system. The vulnerability is presumed to affect builds released prior to September 2023 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-02-15 UTC.

PUBLISHED Reserved 2025-08-27 | Published 2025-08-27 | Updated 2025-08-28 | Assigner VulnCheck




CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
unaffected

*
affected

Credits

Li Huohuo finder

References

support.dahuatech.com/...aJ%2FIGLBoTg6hGbLYAQKuf5hnmPaK9M%3D vendor-advisory

developer.aliyun.com/article/1333161 technical-description exploit

github.com/tequilasunsh1ne/dahua_bitmap_fileupload exploit

www.vulncheck.com/...latform-front-end-arbitrary-file-upload third-party-advisory

cve.org (CVE-2023-7309)

nvd.nist.gov (CVE-2023-7309)

Download JSON