CVE-2026-29114 | THREATINT

Description

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain.

PUBLISHED Reserved 2026-03-04 | Published 2026-06-10 | Updated 2026-06-10 | Assigner dahua

LOW: 2.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-538 Insertion of sensitive information into Externally-Accessible file or directory

Product status

Default status

unaffected

Some IPC models are affected, specifically those with a build date before April 15, 2026. (date)

affected

References

www.dahuasecurity.com/...lities-found-in-some-dahua-products

cve.org (CVE-2026-29114)

nvd.nist.gov (CVE-2026-29114)

Download JSON