Skip to main content

Dahua IPC/NVR Devices CVE-2026-29116

| EUVDEUVD-2026-35990 HIGH
Reachable Assertion (CWE-617)
2026-06-10 dahua GHSA-6jj8-ccgg-jxw2
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 10, 2026 - 09:20 vuln.today
CVSS changed
Jun 10, 2026 - 07:22 NVD
8.7 (HIGH)
CVE Published
Jun 10, 2026 - 06:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.

AnalysisAI

Remote denial-of-service in multiple Dahua video surveillance product lines (IPC, SD, NVR, XVR, EVS, VTO, VTH, ASI, TPC) allows unauthenticated network attackers to send a specially crafted packet that triggers an unhandled exception (CWE-617), forcing the device into an unexpected reboot. The CVSS 4.0 score of 8.7 reflects high availability impact with no required privileges or user interaction, and no public exploit identified at time of analysis.

Technical ContextAI

The flaw is classified as CWE-617 (Reachable Assertion), meaning a network-reachable code path contains an assertion or unhandled exception condition that an attacker can deliberately trigger with malformed input. The affected devices span Dahua's surveillance ecosystem - IP cameras (IPC), speed domes (SD), network/digital/hybrid video recorders (NVR, XVR, EVS), video intercom stations (VTO, VTH), access control (ASI), and thermal cameras (TPC) - all sharing a common firmware lineage indicated by the consolidated CPE string cpe:2.3:a:dahua:ipc/sd/nvr/xvr/evs/vto/vth/asi/tpc:*. These devices typically expose proprietary management protocols and ONVIF/RTSP services on the network, providing the attack surface for the crafted packet.

RemediationAI

Upgrade affected Dahua devices to firmware built on or after March 26, 2026, as published in Dahua PSIRT advisory DHCC-SA-202606-001 (https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001); the advisory is the authoritative source for the per-model build numbers since the input data does not enumerate exact fixed versions. Until firmware is applied, restrict management and streaming ports (typically TCP 37777/Dahua proprietary, 554/RTSP, 80/443, and 8000) to trusted management subnets via firewall ACLs, place all surveillance equipment on an isolated VLAN with no inbound internet exposure, and remove any NAT/port-forward rules pointing at these devices - the trade-off is loss of remote mobile-app access, which can be restored via VPN. Increase monitoring for unexpected device reboots as a detection signal for in-progress exploitation.

More in Dahua

View all
CVE-2017-7925 CRITICAL POC
9.8 May 06

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,

CVE-2013-6117 HIGH POC
7.5 Jul 11

Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio

CVE-2013-3612 CRITICAL POC
10.0 Sep 17

Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which

CVE-2013-3614 CRITICAL POC
9.3 Sep 17

Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to o

CVE-2013-3613 HIGH POC
7.8 Sep 17

Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access

CVE-2023-3836 CRITICAL POC
9.8 Jul 22

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. Rated critical severity

CVE-2021-33045 CRITICAL POC
9.8 Sep 15

The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s

CVE-2021-33044 CRITICAL POC
9.8 Sep 15

The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s

CVE-2013-3615 HIGH POC
7.8 Sep 17

Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent

CVE-2017-7253 HIGH POC
8.8 Mar 30

Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerabi

CVE-2017-7927 HIGH POC
7.3 May 06

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC

CVE-2019-3948 HIGH POC
7.5 Jul 29

The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0

Share

CVE-2026-29116 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy