CVE-2025-31703: CWE-305 Authentication bypass by primary weakness in dahua NVR2-4KS3
A vulnerability has been found in Dahua NVR/XVR devices. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port and bypass the shell's authentication mechanism to escalate privileges.
AI Analysis
Technical Summary
CVE-2025-31703 identifies an authentication bypass vulnerability in Dahua's NVR2-4KS3 network video recorder devices. The vulnerability stems from a primary weakness in the device's authentication mechanism (CWE-305), specifically allowing an attacker with physical access to the device's serial port to bypass authentication controls on the restricted shell interface. This bypass enables privilege escalation, granting the attacker elevated control over the device. The affected versions include all builds prior to March 3, 2026. Exploitation requires direct physical access to the device's serial port, which limits remote attack vectors but raises concerns in environments where physical security is insufficient. The vulnerability does not require prior authentication or user interaction, increasing the risk if physical access is obtained. The CVSS 4.0 base score of 2.4 reflects the physical attack vector, low attack complexity, and the absence of any privilege or user-interaction requirement, as well as the limited scope and impact due to the need for physical access. No patches or exploits are currently publicly available, but the vendor is aware and the issue is published. This vulnerability could allow attackers to gain unauthorized shell access, potentially leading to device manipulation, data interception, or pivoting within a network.
Potential Impact
The primary impact of this vulnerability is unauthorized access and privilege escalation on Dahua NVR2-4KS3 devices, which are commonly used for video surveillance in enterprise, government, and critical infrastructure environments. An attacker with physical access could bypass authentication and gain control over the device's shell, potentially allowing them to alter device configurations, disable security features, or extract sensitive video data. This could compromise the confidentiality and integrity of surveillance footage and disrupt monitoring capabilities, impacting physical security operations. While the requirement for physical access limits the scope, environments with less stringent physical controls or exposed devices (e.g., remote or outdoor installations) are at higher risk. The vulnerability could also be leveraged as a foothold for lateral movement within a network, increasing overall organizational risk. Given the widespread use of Dahua devices globally, the impact could be significant in sectors relying heavily on video surveillance for security and operational monitoring.
Mitigation Recommendations
To mitigate this vulnerability, organizations should implement strict physical security controls to prevent unauthorized access to Dahua NVR2-4KS3 devices, including securing device locations and restricting access to trusted personnel only. Monitoring and logging physical access attempts can help detect suspicious activity. Organizations should regularly check for firmware updates from Dahua addressing this vulnerability and apply patches promptly once available. If firmware updates are not yet released, consider disabling or physically blocking access to the serial port where feasible. Network segmentation should be employed to isolate surveillance devices from critical network segments to limit potential lateral movement. Additionally, conduct regular security audits of physical and network controls around surveillance infrastructure. Employing tamper-evident seals or enclosures can also deter or reveal unauthorized physical access attempts. Finally, maintain an inventory of affected devices to prioritize remediation efforts.
Affected Countries
United States, China, India, United Kingdom, Germany, France, Brazil, Australia, Canada, United Arab Emirates
Technical Details
- Data Version: 5.2
- Assigner Short Name: dahua
- Date Reserved: 2025-04-01T05:57:11.783Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69ba579c771bdb17495548e7
Added to database: 3/18/2026, 7:43:24 AM
Last enriched: 3/18/2026, 7:59:53 AM
Last updated: 3/19/2026, 6:58:43 AM