CVE-2020-9499: Buffer Overflow
First published: Thu Apr 09 2020(Updated: )
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
Credit: cybersecurity@dahuatech.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahua Security SD6AL Firmware | <2019-12 | |
| Dahua Security SD6AL | ||
| Dahua Security SD5A Firmware | <2019-12 | |
| Dahua Security SD5A Firmware | ||
| Dahuasecurity Sd1a1 | <2019-12 | |
| Dahuasecurity SD1A | ||
| Dahua Security PTZ1A | <2019-12 | |
| Dahua Security PTZ1A | ||
| Dahuasecurity Sd50 Firmware | <2019-12 | |
| Dahuasecurity Sd50 Firmware | ||
| Dahuasecurity Sd52c Firmware | <2019-12 | |
| Dahuasecurity Sd52c Firmware | ||
| Dahuasecurity IPC-HX5842H | <2019-12 | |
| Dahuasecurity IPC-HX5842H | ||
| Dahuasecurity IPC-HX7842H | <2019-12 | |
| Dahuasecurity IPC-HX7842H Firmware | ||
| Dahuasecurity IPC-HX2XXX | <2019-12 | |
| Dahuasecurity IPC-HX2XXX Firmware | ||
| Dahua IPC-HXXX5X4X | <2019-12 | |
| Dahua IPC-HXXX5X4X | ||
| Dahua Security N42B1P Firmware | <2019-12 | |
| Dahua Security N42B1P Firmware | ||
| Dahuasecurity N42b2p | <2019-12 | |
| Dahuasecurity N42b2p Firmware | ||
| Dahuasecurity N42B3P | <2019-12 | |
| Dahuasecurity N42b3p Firmware | ||
| Dahua Security N52A4P Firmware | <2019-12 | |
| Dahua Security N52A4P Firmware | ||
| Dahua N54a4p | <2019-12 | |
| Dahuasecurity N54a4p | ||
| Dahuasecurity N52b2p | <2019-12 | |
| Dahuasecurity N52b2p Firmware | ||
| Dahua N52B5P Firmware | <2019-12 | |
| Dahua N52B5P Firmware | ||
| Dahua N52B3P | <2019-12 | |
| Dahua N52B3P | ||
| Dahuasecurity N54b2p | <2019-12 | |
| Dahuasecurity N54b2p Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2020-9499.
What is the severity of CVE-2020-9499?
The severity of CVE-2020-9499 is high with a CVSS score of 7.2.
Which Dahua products are affected by CVE-2020-9499?
Some Dahua products, including Dahuasecurity Sd6al Firmware and Dahuasecurity Sd5a Firmware, are affected by CVE-2020-9499.
How can the attacker exploit CVE-2020-9499?
The attacker can exploit CVE-2020-9499 by sending a specific DDNS test command after successfully logging in to the device.
What is the fix for CVE-2020-9499?
To fix CVE-2020-9499, it is recommended to update the affected Dahua products to a version released after December 2019.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dahuasecurity
- canonical/dahua security sd6al firmware
- canonical/dahua security sd6al
- canonical/dahua security sd5a firmware
- canonical/dahuasecurity sd1a1
- canonical/dahuasecurity sd1a
- canonical/dahua security ptz1a
- canonical/dahuasecurity sd50 firmware
- canonical/dahuasecurity sd52c firmware
- canonical/dahuasecurity ipc-hx5842h
- canonical/dahuasecurity ipc-hx7842h
- canonical/dahuasecurity ipc-hx7842h firmware
- canonical/dahuasecurity ipc-hx2xxx
- canonical/dahuasecurity ipc-hx2xxx firmware
- canonical/dahua ipc-hxxx5x4x
- canonical/dahua security n42b1p firmware
- canonical/dahuasecurity n42b2p
- canonical/dahuasecurity n42b2p firmware
- canonical/dahuasecurity n42b3p
- canonical/dahuasecurity n42b3p firmware
- canonical/dahua security n52a4p firmware
- canonical/dahua n54a4p
- vendor/dahua
- canonical/dahuasecurity n54a4p
- canonical/dahuasecurity n52b2p
- canonical/dahuasecurity n52b2p firmware
- canonical/dahua n52b5p firmware
- canonical/dahua n52b3p
- canonical/dahuasecurity n54b2p
- canonical/dahuasecurity n54b2p firmware