Description
A vulnerability has been found in some Dahua products could
allow an unauthenticated remote attacker to send a specially crafted packet,
triggering an exception that causes the system to reboot unexpectedly,
resulting in a denial of service.
Published: 2026-06-10
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is classified as CWE‑617, which involves input that can trigger an exception when processed. An unauthenticated attacker can send a specially crafted packet over the network, causing the system to reboot unexpectedly. This loss of availability interrupts surveillance and security functions, as the device requires a full reboot to recover.

Affected Systems

This flaw affects a range of Dahua products, including IPC/SD/NVR/XVR/EVS/VTO/VTH/ASI/TPC models. The affected devices are part of Dahua’s surveillance product line; specific firmware or hardware versions are not listed, but the advisory notes that several models are impacted.

Risk and Exploitability

The CVSS score of 8.7 classifies this vulnerability as high severity. The EPSS score is not available, so the current exploitation probability cannot be quantified, and the vulnerability is not yet listed in CISA’s KEV catalog. The likely attack vector is an unauthenticated remote attacker who can send the crafted packet over the network. If successful, the device will reboot immediately, disrupting services until the device recovers. The absence of authentication or input validation allows the exploitation without privileged access.

Generated by OpenCVE AI on June 10, 2026 at 07:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to the latest version released by Dahua as per the security advisory.
  • Limit network traffic to the device by configuring firewall rules or VLAN segmentation to restrict access to only trusted sources.
  • Monitor the device for sudden reboots; if frequent unplanned reboots occur, investigate for possible exploitation and consider isolating the unit until a patch is applied.

Generated by OpenCVE AI on June 10, 2026 at 07:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 08:15:00 +0000

Type Values Removed Values Added
Title Device Reboot via Crafted Packet Leading to Denial of Service on Dahua Products

Wed, 10 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.
Weaknesses CWE-617
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: dahua

Published:

Updated: 2026-06-10T06:16:34.173Z

Reserved: 2026-03-04T03:32:28.881Z

Link: CVE-2026-29116

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T07:16:25.143

Modified: 2026-06-10T07:16:25.143

Link: CVE-2026-29116

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T08:00:12Z

Weaknesses