6
CVEs
2
Critical
1
High
0
KEV
0
PoC
3
Unpatched C/H
0.0%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
1
MEDIUM
1
LOW
2
Monthly CVE Trend
Affected Products (30)
Dhi Dss7016D S2 Firmware
12
Dhi Dss7016Dr S2 Firmware
12
Dss Professional
12
Dhi Dss4004 S2 Firmware
12
Dss Express
12
Nvr4832 4Ks2 I Firmware
7
Nvr4108Hs 8P 4Ks2 L Firmware
7
Nvr4816 16P 4Ks2 I Firmware
7
Nvr4108 8P 4Ks3 Firmware
7
Nvr4204 P 4Ks3 Firmware
7
Nvr4204 4Ks3 Firmware
7
Nvr4108Hs P 4Ks3 Firmware
7
Nvr4108 4Ks3 Firmware
7
Nvr4108Hs 4Ks2 L Firmware
7
Nvr4104Hs 4Ks2 L Firmware
7
Nvr4116Hs 8P 4Ks3 Firmware
7
Nvr4104Hs P 4Ks2 L Firmware
7
Nvr4232 4Ks3 Firmware
7
Nvr4208 4Ks3 Firmware
7
Nvr4204 P 4Ks2 L Firmware
7
Nvr4116 8P 4Ks3 Firmware
7
Nvr4108 P 4Ks2 L Firmware
7
Nvr4116Hs 4Ks2 L Firmware
7
Nvr4416 16P 4Ks2 I Firmware
7
Nvr4104Hs 4Ks3 Firmware
7
Nvr4216 4Ks2 L Firmware
7
Nvr4108 4Ks2 L Firmware
7
Nvr4104Hs P 4Ks3 Firmware
7
Nvr4232 4Ks2 L Firmware
7
Nvr4108Hs 4Ks3 960G Firmware
7
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2023-7309 | A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 1.2% | 51 |
No patch
|
| CVE-2026-29116 | Remote denial-of-service in multiple Dahua video surveillance product lines (IPC, SD, NVR, XVR, EVS, VTO, VTH, ASI, TPC) allows unauthenticated network attackers to send a specially crafted packet that triggers an unhandled exception (CWE-617), forcing the device into an unexpected reboot. The CVSS 4.0 score of 8.7 reflects high availability impact with no required privileges or user interaction, and no public exploit identified at time of analysis. | HIGH | 8.7 | 0.1% | 44 |
No patch
|
| CVE-2026-29115 | Denial of service in Dahua IPC and SD (Speed Dome) camera devices allows an authenticated remote attacker to trigger an unexpected system reboot by sending a specially crafted network packet. The vulnerability is vendor-reported under advisory DHCC-SA-202606-001 and affects specific IPC and SD models with firmware built before March 26, 2026. No public exploit code has been identified at time of analysis, and the attack requires high-privilege authentication (PR:H), materially limiting the realistic attacker population. | MEDIUM | 6.9 | 0.1% | 35 |
No patch
|
| CVE-2025-31703 | This vulnerability in Dahua NVR/XVR devices allows unauthenticated privilege escalation through the serial port console by bypassing shell authentication mechanisms. Affected devices include Dahua NVR2-4KS3, XVR4232AN-I/T, and XVR1B16H-I/T models with build dates prior to March 3, 2026. An attacker with physical access to the device can gain a restricted shell and escalate privileges to access sensitive system functions, though the CVSS 2.4 score reflects the requirement for physical proximity and lack of data availability impact. | LOW | 2.4 | 0.0% | 12 |
No patch
|
| CVE-2026-29114 | CA root certificate exposure in Dahua IPC devices allows unauthenticated network-based attackers, under specific prerequisite conditions, to retrieve the device's internal CA root certificate. If the obtained certificate is installed and trusted on client systems, the attacker could leverage it to issue fraudulent certificates recognized as valid by those clients, collapsing the integrity of affected certificate trust chains. No active exploitation has been confirmed (not in CISA KEV), no public exploit code has been identified, and the CVSS 4.0 score of 2.3 reflects the multi-step, user-dependent nature of the full attack chain. | LOW | 2.3 | 0.0% | 12 |
No patch
|
| CVE-2024-13985 | A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 10.0 | 0.3% | – |
No patch
|