Home
LOW: 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:NDefault status
unaffected
Versions which Build time prior to 3rd March 2026
affected
Default status
unaffected
Versions which Build time prior to 3rd March 2026
affected
Default status
unaffected
Versions which Build time prior to 3rd March 2026
affected
Description
A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges.
Problem types
CWE-305 Authentication bypass by primary weakness
Product status
Versions which Build time prior to 3rd March 2026
Versions which Build time prior to 3rd March 2026
Versions which Build time prior to 3rd March 2026
References
www.dahuasecurity.com/...ility-found-in-dahua-nvr-xvr-device