CVE-2020-9499: Buffer Overflow
First published: Thu Apr 09 2020(Updated: )
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
Credit: cybersecurity@dahuatech.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahuasecurity Sd6al Firmware | <2019-12 | |
| Dahuasecurity Sd6al | ||
| Dahuasecurity Sd5a Firmware | <2019-12 | |
| Dahuasecurity Sd5a | ||
| Dahuasecurity Sd1a Firmware | <2019-12 | |
| Dahuasecurity Sd1a | ||
| Dahuasecurity Ptz1a Firmware | <2019-12 | |
| Dahuasecurity Ptz1a | ||
| Dahuasecurity Sd50 Firmware | <2019-12 | |
| Dahuasecurity Sd50 | ||
| Dahuasecurity Sd52c Firmware | <2019-12 | |
| Dahuasecurity Sd52c | ||
| Dahuasecurity Ipc-hx5842h Firmware | <2019-12 | |
| Dahuasecurity Ipc-hx5842h | ||
| Dahuasecurity Ipc-hx7842h Firmware | <2019-12 | |
| Dahuasecurity Ipc-hx7842h | ||
| Dahuasecurity Ipc-hx2xxx Firmware | <2019-12 | |
| Dahuasecurity Ipc-hx2xxx | ||
| Dahuasecurity Ipc-hxxx5x4x Firmware | <2019-12 | |
| Dahuasecurity Ipc-hxxx5x4x | ||
| Dahuasecurity N42b1p Firmware | <2019-12 | |
| Dahuasecurity N42b1p | ||
| Dahuasecurity N42b2p Firmware | <2019-12 | |
| Dahuasecurity N42b2p | ||
| Dahuasecurity N42b3p Firmware | <2019-12 | |
| Dahuasecurity N42b3p | ||
| Dahuasecurity N52a4p Firmware | <2019-12 | |
| Dahuasecurity N52a4p | ||
| Dahuasecurity N54a4p Firmware | <2019-12 | |
| Dahua N54a4p | ||
| Dahuasecurity N52b2p Firmware | <2019-12 | |
| Dahuasecurity N52b2p | ||
| Dahuasecurity N52b5p Firmware | <2019-12 | |
| Dahuasecurity N52b5p | ||
| Dahuasecurity N52b3p Firmware | <2019-12 | |
| Dahuasecurity N52b3p | ||
| Dahuasecurity N54b2p Firmware | <2019-12 | |
| Dahuasecurity N54b2p |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2020-9499.
What is the severity of CVE-2020-9499?
The severity of CVE-2020-9499 is high with a CVSS score of 7.2.
Which Dahua products are affected by CVE-2020-9499?
Some Dahua products, including Dahuasecurity Sd6al Firmware and Dahuasecurity Sd5a Firmware, are affected by CVE-2020-9499.
How can the attacker exploit CVE-2020-9499?
The attacker can exploit CVE-2020-9499 by sending a specific DDNS test command after successfully logging in to the device.
What is the fix for CVE-2020-9499?
To fix CVE-2020-9499, it is recommended to update the affected Dahua products to a version released after December 2019.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dahuasecurity
- canonical/dahuasecurity sd6al firmware
- canonical/dahuasecurity sd6al
- canonical/dahuasecurity sd5a firmware
- canonical/dahuasecurity sd5a
- canonical/dahuasecurity sd1a firmware
- canonical/dahuasecurity sd1a
- canonical/dahuasecurity ptz1a firmware
- canonical/dahuasecurity ptz1a
- canonical/dahuasecurity sd50 firmware
- canonical/dahuasecurity sd50
- canonical/dahuasecurity sd52c firmware
- canonical/dahuasecurity sd52c
- canonical/dahuasecurity ipc-hx5842h firmware
- canonical/dahuasecurity ipc-hx5842h
- canonical/dahuasecurity ipc-hx7842h firmware
- canonical/dahuasecurity ipc-hx7842h
- canonical/dahuasecurity ipc-hx2xxx firmware
- canonical/dahuasecurity ipc-hx2xxx
- canonical/dahuasecurity ipc-hxxx5x4x firmware
- canonical/dahuasecurity ipc-hxxx5x4x
- canonical/dahuasecurity n42b1p firmware
- canonical/dahuasecurity n42b1p
- canonical/dahuasecurity n42b2p firmware
- canonical/dahuasecurity n42b2p
- canonical/dahuasecurity n42b3p firmware
- canonical/dahuasecurity n42b3p
- canonical/dahuasecurity n52a4p firmware
- canonical/dahuasecurity n52a4p
- canonical/dahuasecurity n54a4p firmware
- vendor/dahua
- canonical/dahua n54a4p
- canonical/dahuasecurity n52b2p firmware
- canonical/dahuasecurity n52b2p
- canonical/dahuasecurity n52b5p firmware
- canonical/dahuasecurity n52b5p
- canonical/dahuasecurity n52b3p firmware
- canonical/dahuasecurity n52b3p
- canonical/dahuasecurity n54b2p firmware
- canonical/dahuasecurity n54b2p