CVE-2026-29114
2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dahua | IPC | Some IPC models are affected, specifically those with a build date before April 15, 2026. | affected |
Weaknesses
- CWE-538: CWE-538 Insertion of sensitive information into Externally-Accessible file or directory
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.