Vendor
A low-severity certificate-trust vulnerability (CVE-2026-29114) has been identified in select Dahua IPC (IP camera) models with firmware builds before April 15, 2026. A remote attacker can obtain the device's internal CA root certificate, which, if trusted by client workstations, browsers, or middleware, allows the attacker to mint fraudulent X.509 certificates, enabling person-in-the-middle (MITM) attacks against HTTPS or TLS-protected sessions, undermining confidentiality and integrity, with related CVEs for different impacts. Remediation involves upgrading firmware and removing improperly trusted device CAs from client trust stores.