Skip to main content

Dahua IPC/SD CVE-2026-29115

| EUVDEUVD-2026-35989 MEDIUM
Reachable Assertion (CWE-617)
2026-06-10 dahua GHSA-8v9p-fgh7-hrp2
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 10, 2026 - 09:20 vuln.today
CVSS changed
Jun 10, 2026 - 07:22 NVD
6.9 (MEDIUM)
CVE Published
Jun 10, 2026 - 06:08 nvd
UNKNOWN (no severity yet)

DescriptionNVD

A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.

AnalysisAI

Denial of service in Dahua IPC and SD (Speed Dome) camera devices allows an authenticated remote attacker to trigger an unexpected system reboot by sending a specially crafted network packet. The vulnerability is vendor-reported under advisory DHCC-SA-202606-001 and affects specific IPC and SD models with firmware built before March 26, 2026. No public exploit code has been identified at time of analysis, and the attack requires high-privilege authentication (PR:H), materially limiting the realistic attacker population.

Technical ContextAI

The root cause is CWE-617 (Reachable Assertion): a code path in the device firmware contains an assertion that can be reached and triggered by attacker-controlled input in a crafted packet. When the assertion fires, the runtime terminates the current process or the entire firmware - on embedded platforms such as IP cameras and speed dome units, this manifests as an uncontrolled system reboot rather than a graceful service restart. The CVSS 4.0 vector (AV:N/AC:L/AT:N) confirms the vulnerable code path is reachable over the network with no special attack preconditions beyond authentication. The affected CPE cpe:2.3:a:dahua:ipc/sd identifies Dahua's IPC (IP Camera) and SD (Speed Dome) product lines as the impacted software/firmware families.

RemediationAI

The primary remediation is to update affected Dahua IPC and SD devices to firmware with a build date of March 26, 2026 or later, as indicated by the vendor advisory DHCC-SA-202606-001 (https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001). An exact patched firmware version number was not specified in the available data - operators should consult Dahua's PSIRT page or their device management portal to identify the correct build for each model. As a compensating control where immediate patching is not feasible, restrict management-plane network access to trusted IP ranges or VPN-segmented networks to limit the pool of accounts that can reach the vulnerable packet handler. Additionally, audit and minimize the number of accounts with high-privilege access to reduce the viable attacker surface. Note that restricting network access may affect remote administration workflows and should be coordinated with operational teams.

More in Dahua

View all
CVE-2017-7925 CRITICAL POC
9.8 May 06

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,

CVE-2013-6117 HIGH POC
7.5 Jul 11

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio

CVE-2013-3612 CRITICAL POC
10.0 Sep 17

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which

CVE-2013-3614 CRITICAL POC
9.3 Sep 17

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to o

CVE-2013-3613 HIGH POC
7.8 Sep 17

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access

CVE-2023-3836 CRITICAL POC
9.8 Jul 22

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. Rated critical severity

CVE-2021-33045 CRITICAL POC
9.8 Sep 15

The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s

CVE-2021-33044 CRITICAL POC
9.8 Sep 15

The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s

CVE-2013-3615 HIGH POC
7.8 Sep 17

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent

CVE-2017-7253 HIGH POC
8.8 Mar 30

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerabi

CVE-2017-7927 HIGH POC
7.3 May 06

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC

CVE-2019-3948 HIGH POC
7.5 Jul 29

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0

Share

CVE-2026-29115 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy