Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionNVD
A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.
AnalysisAI
Remote denial-of-service in multiple Dahua video surveillance product lines (IPC, SD, NVR, XVR, EVS, VTO, VTH, ASI, TPC) allows unauthenticated network attackers to send a specially crafted packet that triggers an unhandled exception (CWE-617), forcing the device into an unexpected reboot. The CVSS 4.0 score of 8.7 reflects high availability impact with no required privileges or user interaction, and no public exploit identified at time of analysis.
Technical ContextAI
The flaw is classified as CWE-617 (Reachable Assertion), meaning a network-reachable code path contains an assertion or unhandled exception condition that an attacker can deliberately trigger with malformed input. The affected devices span Dahua's surveillance ecosystem - IP cameras (IPC), speed domes (SD), network/digital/hybrid video recorders (NVR, XVR, EVS), video intercom stations (VTO, VTH), access control (ASI), and thermal cameras (TPC) - all sharing a common firmware lineage indicated by the consolidated CPE string cpe:2.3:a:dahua:ipc/sd/nvr/xvr/evs/vto/vth/asi/tpc:*. These devices typically expose proprietary management protocols and ONVIF/RTSP services on the network, providing the attack surface for the crafted packet.
RemediationAI
Upgrade affected Dahua devices to firmware built on or after March 26, 2026, as published in Dahua PSIRT advisory DHCC-SA-202606-001 (https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001); the advisory is the authoritative source for the per-model build numbers since the input data does not enumerate exact fixed versions. Until firmware is applied, restrict management and streaming ports (typically TCP 37777/Dahua proprietary, 554/RTSP, 80/443, and 8000) to trusted management subnets via firewall ACLs, place all surveillance equipment on an isolated VLAN with no inbound internet exposure, and remove any NAT/port-forward rules pointing at these devices - the trade-off is loss of remote mobile-app access, which can be restored via VPN. Increase monitoring for unexpected device reboots as a detection signal for in-progress exploitation.
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX,
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive informatio
Dahua DVR appliances have a hardcoded password for (1) the root account and (2) an unspecified "backdoor" account, which
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to o
Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. Rated critical severity
The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s
The identity authentication bypass vulnerability found in some Dahua products during the login process. Rated critical s
Dahua DVR appliances use a password-hash algorithm with a short hash length, which makes it easier for context-dependent
Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. Rated high severity (CVSS 8.8), this vulnerabi
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0
Same weakness CWE-617 – Reachable Assertion
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35990
GHSA-6jj8-ccgg-jxw2