Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device’s ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.

The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.

Affected Devices

The issues were ver