关联漏洞
标题:
Dahua IPC和Dahua SD 安全漏洞
(CVE-2025-31702)
描述:Dahua IPC和Dahua SD都是中国大华(Dahua)公司的产品。Dahua IPC是大华的一系列工控机。Dahua SD是一系列云台球型摄像机。 Dahua IPC和Dahua SD存在安全漏洞,该漏洞源于第三方恶意攻击者可通过特定HTTP请求访问系统敏感文件等管理员权限数据,可能导致管理员密码篡改和权限提升。
描述
Repository with tools, exploits, and material associated with the analysis and discovery process of CVE-2025-31702 and other related security issues.
介绍
# CVE-2025-31702 — Research tools & DFIR material
**Repository with tools, exploits and research artefacts related to the analysis and discovery of CVE-2025-31702 and related issues.**
---
## Overview
This project collects the material used in the investigation of **CVE-2025-31702** and related operational issues (notably P2P/Easy4IP exposure and auto-update inconsistencies). It includes lab scripts, parsers and notes that helped reproduce and validate behaviours seen during DFIR. The code is intended for *defensive* use in authorized environments only.
---
## Scope & goals
* Provide safe, auditable utilities for defenders to validate their deployments.
* Offer detection ideas and mitigation guidance SOC/IR teams can adopt.
* Keep research artifacts and PoCs documented for transparency.
---
## Legal notice & responsible use
**READ THIS BEFORE USING ANY TOOL**
This repository contains tools that interact with vendor infrastructure and devices. They are **intended only for use on devices you own or systems for which you have explicit written permission to test**.
* Unauthorized use is likely illegal and may cause service disruption.
* Before running tools against any network/device, get written authorization.
---
## Requirements & installation
Minimum environment:
* Python 3.10+
---
文件快照
[4.0K] /data/pocs/40564a2fecf0ce7ad3863a4cec52b241e61e44e8
├── [1.0K] LICENSE
└── [1.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。