Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.
AnalysisAI
Denial of service in Dahua IPC and SD (Speed Dome) camera devices allows an authenticated remote attacker to trigger an unexpected system reboot by sending a specially crafted network packet. The vulnerability is vendor-reported under advisory DHCC-SA-202606-001 and affects specific IPC and SD models with firmware built before March 26, 2026. No public exploit code has been identified at time of analysis, and the attack requires high-privilege authentication (PR:H), materially limiting the realistic attacker population.
Technical ContextAI
The root cause is CWE-617 (Reachable Assertion): a code path in the device firmware contains an assertion that can be reached and triggered by attacker-controlled input in a crafted packet. When the assertion fires, the runtime terminates the current process or the entire firmware - on embedded platforms such as IP cameras and speed dome units, this manifests as an uncontrolled system reboot rather than a graceful service restart. The CVSS 4.0 vector (AV:N/AC:L/AT:N) confirms the vulnerable code path is reachable over the network with no special attack preconditions beyond authentication. The affected CPE cpe:2.3:a:dahua:ipc/sd identifies Dahua's IPC (IP Camera) and SD (Speed Dome) product lines as the impacted software/firmware families.
RemediationAI
The primary remediation is to update affected Dahua IPC and SD devices to firmware with a build date of March 26, 2026 or later, as indicated by the vendor advisory DHCC-SA-202606-001 (https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001). An exact patched firmware version number was not specified in the available data - operators should consult Dahua's PSIRT page or their device management portal to identify the correct build for each model. As a compensating control where immediate patching is not feasible, restrict management-plane network access to trusted IP ranges or VPN-segmented networks to limit the pool of accounts that can reach the vulnerable packet handler. Additionally, audit and minimize the number of accounts with high-privilege access to reduce the viable attacker surface. Note that restricting network access may affect remote administration workflows and should be coordinated with operational teams.
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to o
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. Rated critical severity
The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s
The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerabi
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0
Same weakness CWE-617 – Reachable Assertion
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35989
GHSA-8v9p-fgh7-hrp2