CVE-2026-29116: A vulnerability has been found in some Dahua products could
A vulnerability has been found in some Dahua products that could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service.
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A denial-of-service vulnerability affects a range of Dahua network-connected devices, including IP cameras (IPC), speed domes (SD), network video recorders (NVR/XVR/EVS), video intercoms (VTO/VTH), access control (ASI), and thermal cameras (TPC) running firmware built before March 26, 2026. An unauthenticated attacker who can reach the device over the network can send a specially crafted packet that triggers an unhandled exception, forcing the device to reboot unexpectedly. Successful exploitation causes a denial of service by repeatedly crashing the targeted device. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment Dahua publishes a fix version.
HarborGuard Coverage
Detection for CVE-2026-29116 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images derived from affected Dahua firmware bases. Coverage applies automatically without manual configuration.
Status: Available
HarborGuard scores this CVE at 8.7 HIGH using the CVSS v4.0 vector and weights it against each environment's compliance policy to determine urgency and routing. Findings are delivered to the appropriate team inbox within each customer organization based on configured ownership rules.
Status: Available
No fix version has been published by Dahua for this CVE. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression-test run, and a PR against affected workloads will be triggered without manual intervention.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required. The attacker must reach the device over the network; the CVSS vector specifies AV:N, meaning the vulnerable service is exposed to network-based requests.
- Authentication: Not required. No credentials are needed; PR:N indicates the attacker can send the malicious packet without any account or session.
- Victim interaction: Not required. No user or operator action is required to trigger the vulnerability; UI:N means the attacker acts entirely without victim participation.
- Attack complexity: Detail. Attack complexity is low (AC:L), meaning the exploit is reliable and requires no special conditions, race timing, or environmental setup to succeed.
Blast Radius
- The targeted device reboots unexpectedly, interrupting all camera feeds, recording, access-control decisions, or intercom sessions it was handling.
- Repeated exploitation keeps the device in a reboot loop, making it continuously unavailable for its security or monitoring function.
- Physical areas monitored or controlled by the affected device lose coverage or access enforcement for the duration of the outage.
How HarborGuard Handles This
Available on HarborGuard: this CVE is actively tracked with no fix version currently published by Dahua. HarborGuard re-evaluates the advisory on every ingest cycle so that the moment Dahua releases patched firmware, a rebuilt image at the fix version becomes available automatically. For customers with auto-remediation enabled, that triggers a full rebuild, regression-test run, and a PR opened against affected workloads without manual steps. In the meantime, compensating controls worth considering include network-policy isolation to restrict inbound access to affected device management ports to trusted IP ranges only, egress filtering to limit lateral reachability of the devices themselves, and tagging affected image variants in your pipeline policy to block promotion to production until a fix is available. HarborGuard will surface the patched rebuild immediately upon upstream publication.
- Dahua / IPC/SD/NVR/XVR/EVS/VTO/VTH/ASI/TPC: Affected products are limited to certain models of IPC, SD, NVR, XVR, EVS, VTO, VTH, ASI, and TPC devices with versions built before March 26, 2026.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
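While no fix version exists, the affected families, the build-date cut-off and the network-isolation control above can drive an inventory triage. The following is an added example, not HarborGuard or Dahua code. It assumes a hypothetical inventory of (model, firmware string, source CIDRs allowed to reach the device), a `Build Date: YYYY-MM-DD` field in the firmware string, model names that start with the family prefix, and a constructed trusted management network.

```python
import re
from datetime import date
from ipaddress import ip_network

# From the advisory: affected families and the firmware build-date cut-off.
FAMILY_RE = re.compile(r"^(?:DHI?-)?(IPC|SD|NVR|XVR|EVS|VTO|VTH|ASI|TPC)")
CUTOFF = date(2026, 3, 26)
# Assumption: firmware strings carry "Build Date: YYYY-MM-DD".
BUILD_RE = re.compile(r"Build Date:\s*(\d{4})-(\d{2})-(\d{2})")
# Assumption (constructed): the only network that should reach these devices.
TRUSTED_NETS = [ip_network("10.20.0.0/24")]

# Constructed sample inventory; model names are placeholders.
INVENTORY = [
    ("IPC-EXAMPLE-01", "V2.8.0, Build Date: 2025-11-03", ["10.20.0.0/24"]),
    ("DH-NVR-EXAMPLE-02", "V4.1.0, Build Date: 2026-01-15", ["0.0.0.0/0"]),
    ("VTO-EXAMPLE-03", "V4.5.0, Build Date: 2026-04-02", ["10.20.0.0/24"]),
    ("ASI-EXAMPLE-04", "V1.0.2", ["10.20.0.0/25"]),
    ("SWITCH-EXAMPLE-05", "1.2.3, Build Date: 2024-01-01", ["0.0.0.0/0"]),
]

def triage(model, firmware, reachable_from):
    """Classify one device against the advisory's scope."""
    if not FAMILY_RE.match(model.upper()):
        return "out-of-scope"
    found = BUILD_RE.search(firmware)
    try:
        built = date(*map(int, found.groups()))
    except (AttributeError, ValueError):
        return "review"  # no usable build date: cannot rule the device out
    if built >= CUTOFF:
        return "not-affected"
    # Built before the cut-off. Only "certain models" are affected, so this is
    # a candidate to confirm against the vendor's model list, not a verdict.
    exposed = any(
        not any(ip_network(src).subnet_of(net) for net in TRUSTED_NETS)
        for src in reachable_from
    )
    # AV:N / PR:N: anything reachable from outside the trusted range goes first.
    return "isolate-first" if exposed else "candidate"

def run(inventory=INVENTORY):
    return {model: triage(model, fw, srcs) for model, fw, srcs in inventory}

if __name__ == "__main__":
    for model, verdict in run().items():
        print(f"{model:20} {verdict}")
```

Devices marked `isolate-first` are the ones where restricting inbound access to trusted ranges reduces exposure most; `review` entries need their build date collected by hand.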