What is CVE-2020-9500?

CVE-2020-9500 is a vulnerability that affects some products of Dahua, allowing an attacker to cause a Denial of Service (DoS) by sending a specific log query command after a successful login.

Which products of Dahua are affected by CVE-2020-9500?

The following Dahua products are affected by CVE-2020-9500: Dahuasecurity Sd6al Firmware (up to version 2019-12), Dahuasecurity Sd5a Firmware (up to version 2019-12), Dahuasecurity Sd1a Firmware (up to version 2019-12), Dahuasecurity Ptz1a Firmware (up to version 2019-12), Dahuasecurity Sd50 Firmware (up to version 2019-12), Dahuasecurity Sd52c Firmware (up to version 2019-12), Dahuasecurity Ipc-hx5842h Firmware (up to version 2019-12), Dahuasecurity Ipc-hx7842h Firmware (up to version 2019-12), Dahuasecurity Ipc-hx2xxx Firmware (up to version 2019-12), Dahuasecurity Ipc-hxxx5x4x Firmware (up to version 2019-12), Dahuasecurity N42b1p Firmware (up to version 2019-12), Dahuasecurity N42b2p Firmware (up to version 2019-12), Dahuasecurity N42b3p Firmware (up to version 2019-12), Dahuasecurity N52a4p Firmware (up to version 2019-12), Dahuasecurity N54a4p Firmware (up to version 2019-12), Dahuasecurity N52b2p Firmware (up to version 2019-12), Dahuasecurity N52b5p Firmware (up to version 2019-12), and Dahuasecurity N52b3p Firmware (up to version 2019-12).

What is the severity of CVE-2020-9500?

The severity of CVE-2020-9500 is medium with a CVSS score of 4.9.

How does CVE-2020-9500 work?

After a successful login with a legal account, an attacker can send a specific log query command to the vulnerable Dahua products, causing a Denial of Service (DoS) and potentially making the device go down.

Is there a fix for CVE-2020-9500?

Currently, there is no known fix or patch for CVE-2020-9500. It is recommended to follow the mitigation steps provided by the vendor and keep the affected products up to date.

Vulnerability/
CVE-2020-9500

medium

4.9

9/4/2020

4/8/2024

CVE-2020-9500

First published: Thu Apr 09 2020(Updated: )

Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.

Credit: cybersecurity@dahuatech.com

Affected Software	Affected Version	How to fix
Dahua Security SD6AL Firmware	<2019-12
Dahua Security SD6AL
Dahua Security SD5A Firmware	<2019-12
Dahua Security SD5A Firmware
Dahuasecurity Sd1a1	<2019-12
Dahuasecurity SD1A
Dahua Security PTZ1A	<2019-12
Dahua Security PTZ1A
Dahuasecurity Sd50 Firmware	<2019-12
Dahuasecurity Sd50 Firmware
Dahuasecurity Sd52c Firmware	<2019-12
Dahuasecurity Sd52c Firmware
Dahuasecurity IPC-HX5842H	<2019-12
Dahuasecurity IPC-HX5842H
Dahuasecurity IPC-HX7842H	<2019-12
Dahuasecurity IPC-HX7842H Firmware
Dahuasecurity IPC-HX2XXX	<2019-12
Dahuasecurity IPC-HX2XXX Firmware
Dahua IPC-HXXX5X4X	<2019-12
Dahua IPC-HXXX5X4X
Dahua Security N42B1P Firmware	<2019-12
Dahua Security N42B1P Firmware
Dahuasecurity N42b2p	<2019-12
Dahuasecurity N42b2p Firmware
Dahuasecurity N42B3P	<2019-12
Dahuasecurity N42b3p Firmware
Dahua Security N52A4P Firmware	<2019-12
Dahua Security N52A4P Firmware
Dahua N54a4p	<2019-12
Dahuasecurity N54a4p
Dahuasecurity N52b2p	<2019-12
Dahuasecurity N52b2p Firmware
Dahua N52B5P Firmware	<2019-12
Dahua N52B5P Firmware
Dahua N52B3P	<2019-12
Dahua N52B3P
Dahuasecurity N54b2p	<2019-12
Dahuasecurity N54b2p Firmware

Never miss a vulnerability like this again

Reference Links

https://www.dahuasecurity.com/support/cybersecurity/details/727

Frequently Asked Questions

What is CVE-2020-9500?
CVE-2020-9500 is a vulnerability that affects some products of Dahua, allowing an attacker to cause a Denial of Service (DoS) by sending a specific log query command after a successful login.
Which products of Dahua are affected by CVE-2020-9500?
The following Dahua products are affected by CVE-2020-9500: Dahuasecurity Sd6al Firmware (up to version 2019-12), Dahuasecurity Sd5a Firmware (up to version 2019-12), Dahuasecurity Sd1a Firmware (up to version 2019-12), Dahuasecurity Ptz1a Firmware (up to version 2019-12), Dahuasecurity Sd50 Firmware (up to version 2019-12), Dahuasecurity Sd52c Firmware (up to version 2019-12), Dahuasecurity Ipc-hx5842h Firmware (up to version 2019-12), Dahuasecurity Ipc-hx7842h Firmware (up to version 2019-12), Dahuasecurity Ipc-hx2xxx Firmware (up to version 2019-12), Dahuasecurity Ipc-hxxx5x4x Firmware (up to version 2019-12), Dahuasecurity N42b1p Firmware (up to version 2019-12), Dahuasecurity N42b2p Firmware (up to version 2019-12), Dahuasecurity N42b3p Firmware (up to version 2019-12), Dahuasecurity N52a4p Firmware (up to version 2019-12), Dahuasecurity N54a4p Firmware (up to version 2019-12), Dahuasecurity N52b2p Firmware (up to version 2019-12), Dahuasecurity N52b5p Firmware (up to version 2019-12), and Dahuasecurity N52b3p Firmware (up to version 2019-12).
What is the severity of CVE-2020-9500?
The severity of CVE-2020-9500 is medium with a CVSS score of 4.9.
How does CVE-2020-9500 work?
After a successful login with a legal account, an attacker can send a specific log query command to the vulnerable Dahua products, causing a Denial of Service (DoS) and potentially making the device go down.
Is there a fix for CVE-2020-9500?
Currently, there is no known fix or patch for CVE-2020-9500. It is recommended to follow the mitigation steps provided by the vendor and keep the affected products up to date.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/dahuasecurity
canonical/dahua security sd6al firmware
canonical/dahua security sd6al
canonical/dahua security sd5a firmware
canonical/dahuasecurity sd1a1
canonical/dahuasecurity sd1a
canonical/dahua security ptz1a
canonical/dahuasecurity sd50 firmware
canonical/dahuasecurity sd52c firmware
canonical/dahuasecurity ipc-hx5842h
canonical/dahuasecurity ipc-hx7842h
canonical/dahuasecurity ipc-hx7842h firmware
canonical/dahuasecurity ipc-hx2xxx
canonical/dahuasecurity ipc-hx2xxx firmware
canonical/dahua ipc-hxxx5x4x
canonical/dahua security n42b1p firmware
canonical/dahuasecurity n42b2p
canonical/dahuasecurity n42b2p firmware
canonical/dahuasecurity n42b3p
canonical/dahuasecurity n42b3p firmware
canonical/dahua security n52a4p firmware
canonical/dahua n54a4p
vendor/dahua
canonical/dahuasecurity n54a4p
canonical/dahuasecurity n52b2p
canonical/dahuasecurity n52b2p firmware
canonical/dahua n52b5p firmware
canonical/dahua n52b3p
canonical/dahuasecurity n54b2p
canonical/dahuasecurity n54b2p firmware