Skip to main content

Dahua IPC CVE-2026-29114

| EUVDEUVD-2026-35984 LOW
Insertion of Sensitive Information into Externally-Accessible File (CWE-538)
2026-06-10 dahua GHSA-9359-w3rx-353r
2.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.3 LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 10, 2026 - 09:22 vuln.today
CVSS changed
Jun 10, 2026 - 07:22 NVD
2.3 (LOW)
CVE Published
Jun 10, 2026 - 05:44 nvd
UNKNOWN (no severity yet)

DescriptionNVD

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain.

AnalysisAI

CA root certificate exposure in Dahua IPC devices allows unauthenticated network-based attackers, under specific prerequisite conditions, to retrieve the device's internal CA root certificate. If the obtained certificate is installed and trusted on client systems, the attacker could leverage it to issue fraudulent certificates recognized as valid by those clients, collapsing the integrity of affected certificate trust chains. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and the CVSS 4.0 score of 2.3 reflects the multi-step, user-dependent nature of the full attack chain.

Technical ContextAI

CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory) identifies the root cause: sensitive PKI material - specifically the CA root certificate, and potentially associated private key material - is stored or served via an endpoint reachable over the network. The affected product class is Dahua IPC (IP Camera) devices, identified by CPE cpe:2.3:a:dahua:ipc:*:*:*:*:*:*:*:*. Dahua IPC devices operate internal PKIs to sign device communications, and the flaw allows external parties to retrieve this trust anchor. The downstream risk stems from the way operating systems and browsers extend implicit trust to installed CA certificates: once a CA is trusted, all certificates it signs are accepted without further validation, enabling man-in-the-middle scenarios or service impersonation against affected clients.

RemediationAI

Update affected Dahua IPC devices to firmware with a build date of April 15, 2026 or later, per vendor advisory DHCC-SA-202606-001 (https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001). An exact patched firmware version string was not independently confirmed in available data; contact Dahua support to identify the specific update package for each device model. As compensating controls where patching is not immediately feasible: restrict network access to Dahua IPC management interfaces using firewall rules or VLAN segmentation to prevent unauthorized certificate retrieval; audit client systems in the environment for any previously installed Dahua-issued CA certificates and revoke trust if the installation was not explicitly authorized; and enforce certificate pinning on applications communicating with Dahua devices where technically feasible. Note that VLAN segmentation limits device management reach but does not remediate the underlying vulnerability and should be treated as a temporary measure only.

More in Dahua

View all
CVE-2017-7925 CRITICAL POC
9.8 May 06

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,

CVE-2013-6117 HIGH POC
7.5 Jul 11

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio

CVE-2013-3612 CRITICAL POC
10.0 Sep 17

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which

CVE-2013-3614 CRITICAL POC
9.3 Sep 17

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to o

CVE-2013-3613 HIGH POC
7.8 Sep 17

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access

CVE-2023-3836 CRITICAL POC
9.8 Jul 22

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. Rated critical severity

CVE-2021-33045 CRITICAL POC
9.8 Sep 15

The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s

CVE-2021-33044 CRITICAL POC
9.8 Sep 15

The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s

CVE-2013-3615 HIGH POC
7.8 Sep 17

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent

CVE-2017-7253 HIGH POC
8.8 Mar 30

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerabi

CVE-2017-7927 HIGH POC
7.3 May 06

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC

CVE-2019-3948 HIGH POC
7.5 Jul 29

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0

Share

CVE-2026-29114 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy