Description
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.
Published: 2026-06-10
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated remote attacker can send a specially crafted packet to certain Dahua IPC/SD devices, triggering an exception in the system that forces an unexpected reboot. This reboot interrupts normal operation and results in a denial of service. The weakness is classified as CWE‑617, indicating a flaw related to incorrect handling of a null or uninitialized reference.

Affected Systems

The affected products are Dahua security cameras under the IPC/SD line. Specific model or firmware versions are not enumerated in the advisory; the impact applies to any device that falls within this product classification unless a vendor‑released fix has been applied.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.9, indicating moderate severity. No publicly available EPSS score was provided, and the issue is not listed in the CISA KEV catalog. The attack vector is remote but requires authentication, which suggests that a compromised user account or stolen credentials give the attacker the necessary access. Because the flaw causes an abrupt reboot rather than code execution, the exploit is limited to service disruption rather than data exfiltration or privilege escalation.

Generated by OpenCVE AI on June 10, 2026 at 07:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or security patch released by Dahua for the affected IPC/SD devices.
  • Restrict network access to the device; place it behind a firewall or in a segmented VLAN and limit connections only to trusted management interfaces.
  • Deploy monitoring to detect unscheduled reboots and generate alerts or trigger an automatic restart to reduce downtime.

Generated by OpenCVE AI on June 10, 2026 at 07:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Title Authenticated Remote Attacker Can Force System Reboot Causing Denial of Service

Wed, 10 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.
Weaknesses CWE-617
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: dahua

Published:

Updated: 2026-06-10T06:08:21.119Z

Reserved: 2026-03-04T03:32:28.881Z

Link: CVE-2026-29115

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T07:16:25.027

Modified: 2026-06-10T07:16:25.027

Link: CVE-2026-29115

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T07:30:25Z

Weaknesses