{"id":8443,"date":"2026-06-10T11:38:23","date_gmt":"2026-06-10T11:38:23","guid":{"rendered":"https:\/\/locaterisk.com\/de\/?p=8443"},"modified":"2026-06-10T11:38:23","modified_gmt":"2026-06-10T11:38:23","slug":"cve-2026-29116-dahua-denial-of-service","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/en\/cve-2026-29116-dahua-denial-of-service\/","title":{"rendered":"CVE-2026-29116: Denial-of-service vulnerability in Dahua products (CVSS 8.7)"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\r\n    <div class=\"content\">\r\n\t\t<div class=\"headline\">\r\n\t\t\t<button class=\"to-blog-button\">Back to Blog                <a href=\"https:\/\/locaterisk.com\/en\/blog\/\"><\/a>\r\n\t\t\t<\/button>\r\n\t\t\t\t\t<\/div>\r\n        <div class=\"main-content\">\r\n\t\t\t\t\t\t<!--\r\n            <div class=\"header\">\r\n                <h6> <\/h6>\r\n            <\/div>\r\n\t\t\t\t\t\t-->\r\n            <h1 class=\"title\">CVE-2026-29116: Denial-of-service vulnerability in Dahua products (CVSS 8.7)<\/h1>\r\n            <p class=\"paragraph\"><br>On June 10, 2026, the manufacturer Dahua Technology disclosed a vulnerability in many of its products, identified by the ID <strong>CVE-2026-29116<\/strong> is being conducted. With a CVSS 4.0 score of <strong>8.7<\/strong> it is referred to as <strong>high<\/strong> classified. The vulnerability allows an unauthenticated attacker to trigger an unexpected reboot of the target system by sending a specially crafted network packet, thereby causing a denial-of-service (DoS) condition.<\/p>\r\n        <\/div>\r\n    <\/div>\r\n<\/div>\r\n\r\n\r\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"400\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured.png\" alt=\"\" class=\"wp-image-8442\" srcset=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured.png 400w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured-300x300.png 300w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured-150x150.png 150w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured-12x12.png 12w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>Technical Details and Attack Vector<\/strong><\/h2>\n\n\n\n<p>According to the <a href=\"https:\/\/www.dahuasecurity.com\/about-dahua\/trust-center\/dahua-psirt\/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products\" target=\"_blank\" rel=\"noreferrer noopener\">Security Advisory from Dahua (DHCC-SA-202606-001)<\/a> The vulnerability can be exploited remotely without any authentication or user interaction. An attacker merely needs network access to a vulnerable device. The manipulated packet causes an exception in the device firmware, leading to an immediate reboot. Repeated attacks can permanently compromise the device\u2019s availability.<\/p>\n\n\n\n<p>The CVSS score <strong>CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:N\/VA:H\/SC:N\/SI:N\/SA:N<\/strong> confirms this:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AV:N (Attack Vector: Network):<\/strong> The attack is carried out over the network.<\/li>\n\n\n\n<li><strong>PR:N (Privileges Required: None):<\/strong> No login credentials or permissions are required.<\/li>\n\n\n\n<li><strong>VA:H (Vulnerable System Availability: High):<\/strong> The impact on system availability is significant.<\/li>\n<\/ul>\n\n\n\n<p>According to this assessment, data confidentiality and integrity are not affected. The primary source of information is currently the manufacturer\u2019s advisory, as the entry in the National Vulnerability Database (NVD) had not yet been updated with further details at the time of the analysis.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Affected systems and operational risks<\/strong><\/h2>\n\n\n\n<p>The vulnerability affects a wide range of IoT and OT systems that are widely used in physical security infrastructures. These include, among others:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IP cameras (IPC)<\/li>\n\n\n\n<li>Network and Digital Video Recorders (NVR, XVR)<\/li>\n\n\n\n<li>Enterprise Video Storage (EVS)<\/li>\n\n\n\n<li>Video door intercom systems (VTO\/VTH)<\/li>\n\n\n\n<li>Access Control Systems (ASI)<\/li>\n\n\n\n<li>Thermal cameras (TPC)<\/li>\n<\/ul>\n\n\n\n<p>Since the manufacturer has not yet specified any particular model series or firmware versions, it is difficult to identify the affected devices with certainty. The operational risk is significant: A DoS attack on surveillance cameras can create blind spots in security zones, while the failure of an access control system can block physical access to critical areas.<\/p>\n\n\n\n<p>CVE-2026-29116 is not the first security incident involving Dahua. In July 2025, critical vulnerabilities (CVE-2025-31700 and CVE-2025-31701, CVSS 8.1) were publicly disclosed in Dahua camera firmware, allowing unauthenticated attackers to execute remote code. In August 2024, the U.S. agency CISA warned of active exploitation of older Dahua authentication vulnerabilities (CVE-2021-33044 and CVE-2021-33045, CVSS 9.8) in the wild. These recurring incidents underscore the need for continuous vendor risk management for technology partners using Dahua products. Sources: SecurityAffairs\/Bitdefender (July 2025); SecurityWeek\/CISA KEV (August 2024).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Recommendations for Operators<\/strong><\/h2>\n\n\n\n<p>Companies should focus on reducing their attack surface and promptly install available firmware updates.<\/p>\n\n\n\n<p><strong>Immediate measures:<\/strong><\/p>\n\n\n\n<p>1.  <strong>Inventory:<\/strong> Identify all Dahua devices in your infrastructure. 2.  <strong>Exposure analysis:<\/strong> Check which of these devices can be accessed via the Internet. 3.  <strong>Network segmentation:<\/strong> Isolate critical security systems in protected network segments to prevent unauthorized access. 4.  <strong>Access restriction:<\/strong> Block network access to the devices' administrative services from untrusted networks.<\/p>\n\n\n\n<p><strong>Medium-term measures:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Update Management:<\/strong> Install the firmware updates provided by the manufacturer after carefully reviewing them. Continue to monitor the Dahua Cybersecurity Center (DHCC) for new security advisories.<\/li>\n\n\n\n<li><strong>Secure remote access:<\/strong> Make sure that remote access to these systems is only granted via secure connections, such as VPNs.<\/li>\n<\/ul>\n\n\n\n<p>This is particularly relevant for operators in the DACH region: Companies and government agencies that use Dahua devices in security-sensitive areas may fall under the NIS 2 Directive, which mandates network security measures for operators of critical infrastructure. If a DoS attack leads to an outage affecting personal data, the 72-hour reporting requirement under Article 33 of the GDPR also applies. The BSI generally recommends consistent network segmentation of IoT devices and their isolation from the corporate network.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How EASM and VRM Reduce the Risk of IoT Vulnerabilities<\/strong><\/h2>\n\n\n\n<p>The challenge with devices like those from Dahua is often that they exist as \u201eshadow IT\u201c outside of central IT management. They are installed by line-of-business departments or service providers and are often inadequately documented and secured\u2014making them simply invisible to the security team.<\/p>\n\n\n\n<p>One <strong>External Attack Surface Management (EASM)<\/strong> LocateRisk addresses this problem by continuously scanning a company\u2019s external, internet-connected infrastructure. This allows even unknown or forgotten assets\u2014such as cameras, video recorders, or access control systems\u2014to be identified and added to a comprehensive asset inventory. Exposed administrative services, open ports, and configuration drift become visible before attackers can exploit them\u2014regardless of whether a device has been recorded by central IT or not.<\/p>\n\n\n\n<p>In addition, continuous <strong>Vendor Risk Management (VRM)<\/strong> Assessing the security posture of suppliers and technology partners. Given the repeated security incidents at Dahua, structured monitoring of vendor security is a key component in realistically assessing one\u2019s own risk profile. LocateRisk is a \u201eMade in Germany\u201c solution hosted in German data centers that helps companies comply with GDPR requirements and reduce the risk associated with non-European data access.<\/p>\n\n\n\n<p><br><br>Sources and further information<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Sources<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dahua PSIRT Security Advisory (DHCC-SA-202606-001): <a href=\"https:\/\/www.dahuasecurity.com\/about-dahua\/trust-center\/dahua-psirt\/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products\" target=\"_blank\" rel=\"noreferrer noopener\">dahuasecurity.com<\/a><\/li>\n\n\n\n<li>NVD entry for CVE-2026-29116: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-29116\" target=\"_blank\" rel=\"noreferrer noopener\">nvd.nist.gov<\/a><\/li>\n\n\n\n<li>SecurityAffairs: Dahua Camera Vulnerabilities (CVE-2025-31700\/-31701), July 2025: <a href=\"https:\/\/securityaffairs.com\/180602\/hacking\/dahua-camera-flaws-allow-remote-hacking-update-firmware-now.html\" target=\"_blank\" rel=\"noreferrer noopener\">securityaffairs.com<\/a><\/li>\n\n\n\n<li>SecurityWeek: CISA Warns of Actively Exploited Dahua Vulnerabilities (CVE-2021-33044\/-33045), August 2024: <a href=\"https:\/\/www.securityweek.com\/cisa-warns-of-exploited-vulnerabilities-impacting-dahua-products\/\" target=\"_blank\" rel=\"noreferrer noopener\">securityweek.com<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Do you know your external attack surface?<\/strong><\/h2>\n\n\n\n<p>Continuous monitoring of your external IT systems is essential for identifying exposed devices and associated vulnerabilities at an early stage. LocateRisk provides a comprehensive analysis of your attack surface.<\/p>\n\n\n\n<p><a href=\"https:\/\/locaterisk.com\/en\/demo\/\" target=\"_blank\" rel=\"noreferrer noopener\">Request a free safety check<\/a><\/p>\n\n\n\n<div class=\"wp-block-lr-faq-module\"><div class=\"content\"><h3><strong>Frequently asked questions<\/strong><\/h3><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>What is CVE-2026-29116?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">CVE-2026-29116 is a vulnerability in various Dahua Technology products that was disclosed by the manufacturer on June 10, 2026. It has a CVSS 4.0 score of 8.7 (High) and allows an unauthenticated attacker to remotely trigger an unexpected reboot of the target system by sending a specially crafted network packet, thereby causing a denial-of-service condition.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Which Dahua devices are affected?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">According to the manufacturer\u2019s advisory (DHCC-SA-202606-001), several product categories are affected, including IP cameras, network and digital video recorders (NVR, XVR), enterprise video storage, video door intercoms, access control systems, and thermal cameras. At the time of publication, Dahua had not yet specified any specific model series or affected firmware versions.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>How can I protect myself until a patch is available?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">The most important immediate measure is network segmentation: Dahua devices should be operated in isolated network segments and should not be directly accessible from the internet. Remote access should only be permitted via secure VPN connections. In addition, operators should actively monitor the Dahua Cybersecurity Center (DHCC) for new firmware updates.<\/p><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-lr-contact-post-module\">\n\t<div id=\"lr-contact-form\" class=\"wp-block-lr-contact-post-module\">\n\t\t<div id=\"formular\" class=\"content\">\n\t\t\t<div class=\"inner-content\">\n\t\t\t\t<div class=\"column-2 feature-mode\">\n\t\t\t\t\t<h2><br>Request your personal Live-Demo now<\/h2>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<p class=\"margin-b-36\">Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you solve your cyber risks.<\/p>\n\t\t\t\t\t\t\t<\/div>\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div> \n\t\t\t\t<div class=\"column-2\">\n\t\t\t\t\t<form action=\"\" class=\"form\" method=\"post\" role=\"form\" novalidate data-trp-original-action=\"\">\n\t\t\t\t\t\t<input type=\"text\" id=\"successmessage\" name=\"successmessage\" value=\"Ihre Registrierung war erfolgreich Ihre Anfrage wurde erfolgreich versendet. Wir haben Ihnen soeben eine Best\u00e4tigungsmail mit einem Aktivierungs-Link zugesendet, um einem Missbrauch Ihrer E-Mail Adresse durch Dritte vorzubeugen. Die Mail wird von sales@locaterisk.com versendet und sollte sich i n wenigen Minuten in Ihrem Posteingang finden.\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"errormessage\" name=\"errormessage\" value=\"Da ist wohl etwas schief gelaufen. Bitte probieren Sie es erneut oder nehmen Sie direkt mit uns Kontakt auf\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"slug\" name=\"slug\" value=\"cve-2026-29116-dahua-denial-of-service\" hidden>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"name\"\n\t\t\t\t\t\t\t\tname=\"name\"\n\t\t\t\t\t\t\t\tplaceholder=\"first name\"\n\t\t\t\t\t\t\t\trequired\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"surname\"\n\t\t\t\t\t\t\t\tname=\"surname\"\n\t\t\t\t\t\t\t\tplaceholder=\"last name\"\n\t\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"email\"\n\t\t\t\t\t\t\tid=\"email\"\n\t\t\t\t\t\t\tname=\"email\"\n\t\t\t\t\t\t\tplaceholder=\"Email\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\tid=\"phone\"\n\t\t\t\t\t\t\tname=\"phone\"\n\t\t\t\t\t\t\tplaceholder=\"phone\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<h6 class=\"error-message\" hidden>...<\/h6>\n\t\t\t\t\t\t<div class=\"checkbox_container\">\n\t\t\t\t\t\t\t<div class=\"checkbox\">\n\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\t\ttype=\"checkbox\"\n\t\t\t\t\t\t\t\t\tid=\"checkbox\"\n\t\t\t\t\t\t\t\t\tname=\"checkbox\" \/>\n\n\t\t\t\t\t\t\t\t<label for=\"checkbox\"><\/label>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<p class=\"translation-block\">I agree with the <a href=\"https:\/\/locaterisk.com\/en\/datenschutz\/\" target=\"_self\">privacy policy<\/a>.<\/p> \n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t<div class=\"g-recaptcha\" data-sitekey=\"6LdErNoZAAAAAD1Re2jNxtDFfcDaL9iED5MRBzjR\" data-callback=\"verifyRecaptchaCallback\" data-expired-callback=\"expiredRecaptchaCallback\"><\/div>\n\t\t\t\t\t<input type=\"hidden\" name=\"g-recaptcha-response\" data-recaptcha \/>\n\n\t\t\t\t\t\t<button class=\"lr-button-link\" type=\"submit\"> Request a Demo<\/button>\n\t\t\t\t\t<input type=\"hidden\" name=\"trp-form-language\" value=\"en\"\/><\/form>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\t\n\t<\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-lr-contact-module\"><div class=\"content\"><h2>Want to find out more, book a demo or simply exchange ideas? We look forward to hearing from you!<\/h2><div class=\"contact-info-row\"><div class=\"contact-person-info\"><div class=\"avatar\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/06\/Lukas_Baumann_LocateRisk-300.png\"><\/div><p><span class=\"text before\">Your personal consultant<\/span><span class=\"bold name\"><strong>Lukas<\/strong><\/span> <span class=\"lastname\"><strong>Baumann<strong><\/strong><\/strong><\/span><strong><strong><span class=\"separator\"><\/span><span class=\"role\">CEO<\/span><\/strong><\/strong><\/p><\/div><p class=\"bold phone\"><strong><strong>+49 6151 6290246<\/strong><\/strong><\/p><strong><strong><a class=\"pr-1\" href=\"mailto: sales@locaterisk.com\">Get in Touch Now<\/a><\/strong><\/strong><\/div><\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-lr-footer-module lr-footer-block\"><div class=\"content\"><div class=\"column0\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/assets\/img\/lr-logo.svg\"\/><\/div><div class=\"categories\"><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/locaterisk.com\/en\/\">Home<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/blog\/\">Blog<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/about\/\">About Us<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/kontakt\/\">Contact<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/impressum\/\">Legal Notice<\/a><\/div><div class=\"categories-break\"><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/datenschutz\/\">Privacy<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/gtc.pdf\">General Terms and Conditions<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/en\/jobs\/\">Jobs<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/sec-information.pdf\">Security<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/app.secfix.com\/trust\/locaterisk\/d1e7d433b33643aea1880bfbfeab9f60\">Trust Center<\/a><\/div><\/div><div class=\"social\"><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/company\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/10\/gruppe-230@3x.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.instagram.com\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Instagram.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/twitter.com\/locaterisk\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/twitter.png\"\/><\/a><\/div><\/div><div class=\"description\"><h6>\u00a9 LocateRisk 2026<\/h6><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Analysis of the critical vulnerability CVE-2026-29116 (CVSS 8.7) in Dahua products. An unauthenticated attack could result in a denial of service. Recommended actions.<\/p>","protected":false},"author":13,"featured_media":8442,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[637,638,143,145,92,163,147,115,199],"class_list":["post-8443","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogpost","tag-cve-2026-29116","tag-dahua","tag-denial-of-service","tag-dos","tag-easm","tag-iot-sicherheit","tag-netzwerksicherheit","tag-schwachstelle","tag-vrm"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7) - LocateRisk<\/title>\n<meta name=\"description\" content=\"Analyse der kritischen Schwachstelle CVE-2026-29116 (CVSS 8.7) in Dahua-Produkten. Ein unauthentifizierter Angriff kann zu einem Denial of Service f\u00fchren. Empfohlene Ma\u00dfnahmen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/en\/cve-2026-29116-dahua-denial-of-service\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7) - LocateRisk\" \/>\n<meta property=\"og:description\" content=\"Analyse der kritischen Schwachstelle CVE-2026-29116 (CVSS 8.7) in Dahua-Produkten. Ein unauthentifizierter Angriff kann zu einem Denial of Service f\u00fchren. Empfohlene Ma\u00dfnahmen.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/en\/cve-2026-29116-dahua-denial-of-service\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-10T11:38:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristina Hoinkis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristina Hoinkis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"20 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/\"},\"author\":{\"name\":\"Kristina Hoinkis\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\"},\"headline\":\"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7)\",\"datePublished\":\"2026-06-10T11:38:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/\"},\"wordCount\":1186,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cve-2026-29116-featured.png\",\"keywords\":[\"CVE-2026-29116\",\"Dahua\",\"Denial of Service\",\"DoS\",\"EASM\",\"IoT-Sicherheit\",\"Netzwerksicherheit\",\"Schwachstelle\",\"VRM\"],\"articleSection\":[\"Blog post\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/\",\"name\":\"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7) - LocateRisk\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cve-2026-29116-featured.png\",\"datePublished\":\"2026-06-10T11:38:23+00:00\",\"description\":\"Analyse der kritischen Schwachstelle CVE-2026-29116 (CVSS 8.7) in Dahua-Produkten. Ein unauthentifizierter Angriff kann zu einem Denial of Service f\u00fchren. Empfohlene Ma\u00dfnahmen.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cve-2026-29116-featured.png\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/cve-2026-29116-featured.png\",\"width\":400,\"height\":400,\"caption\":\"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/cve-2026-29116-dahua-denial-of-service\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\",\"name\":\"Kristina Hoinkis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"caption\":\"Kristina Hoinkis\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7) - LocateRisk","description":"Analysis of the critical vulnerability CVE-2026-29116 (CVSS 8.7) in Dahua products. An unauthenticated attack could result in a denial of service. Recommended actions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/en\/cve-2026-29116-dahua-denial-of-service\/","og_locale":"en_US","og_type":"article","og_title":"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7) - LocateRisk","og_description":"Analyse der kritischen Schwachstelle CVE-2026-29116 (CVSS 8.7) in Dahua-Produkten. Ein unauthentifizierter Angriff kann zu einem Denial of Service f\u00fchren. Empfohlene Ma\u00dfnahmen.","og_url":"https:\/\/locaterisk.com\/en\/cve-2026-29116-dahua-denial-of-service\/","og_site_name":"LocateRisk","article_published_time":"2026-06-10T11:38:23+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured.png","type":"image\/png"}],"author":"Kristina Hoinkis","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kristina Hoinkis","Est. reading time":"20 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/"},"author":{"name":"Kristina Hoinkis","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32"},"headline":"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7)","datePublished":"2026-06-10T11:38:23+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/"},"wordCount":1186,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured.png","keywords":["CVE-2026-29116","Dahua","Denial of Service","DoS","EASM","IoT-Sicherheit","Netzwerksicherheit","Schwachstelle","VRM"],"articleSection":["Blog post"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/","url":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/","name":"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7) - LocateRisk","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured.png","datePublished":"2026-06-10T11:38:23+00:00","description":"Analysis of the critical vulnerability CVE-2026-29116 (CVSS 8.7) in Dahua products. An unauthenticated attack could result in a denial of service. Recommended actions.","breadcrumb":{"@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured.png","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/06\/cve-2026-29116-featured.png","width":400,"height":400,"caption":"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7)"},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/cve-2026-29116-dahua-denial-of-service\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"CVE-2026-29116: Denial-of-Service-Schwachstelle in Dahua-Produkten (CVSS 8.7)"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Measure and compare IT security","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32","name":"Kristina Hoinkis","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","caption":"Kristina Hoinkis"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/8443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/comments?post=8443"}],"version-history":[{"count":2,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/8443\/revisions"}],"predecessor-version":[{"id":8448,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/posts\/8443\/revisions\/8448"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media\/8442"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/media?parent=8443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/categories?post=8443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/en\/wp-json\/wp\/v2\/tags?post=8443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}