CVE-2026-29116

Summary

A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
DahuaIPC/SD/NVR/XVR/EVS/VTO/VTH/ASI/TPCAffected products are limited to certain models of IPC, SD, NVR, XVR, EVS, VTO, VTH, ASI, and TPC devices with versions built before March 26, 2026.affected

Weaknesses

  • CWE-617: CWE-617

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References