What is CVE-2020-9500?

CVE-2020-9500 is a vulnerability that affects some products of Dahua, allowing an attacker to cause a Denial of Service (DoS) by sending a specific log query command after a successful login.

Which products of Dahua are affected by CVE-2020-9500?

The following Dahua products are affected by CVE-2020-9500: Dahuasecurity Sd6al Firmware (up to version 2019-12), Dahuasecurity Sd5a Firmware (up to version 2019-12), Dahuasecurity Sd1a Firmware (up to version 2019-12), Dahuasecurity Ptz1a Firmware (up to version 2019-12), Dahuasecurity Sd50 Firmware (up to version 2019-12), Dahuasecurity Sd52c Firmware (up to version 2019-12), Dahuasecurity Ipc-hx5842h Firmware (up to version 2019-12), Dahuasecurity Ipc-hx7842h Firmware (up to version 2019-12), Dahuasecurity Ipc-hx2xxx Firmware (up to version 2019-12), Dahuasecurity Ipc-hxxx5x4x Firmware (up to version 2019-12), Dahuasecurity N42b1p Firmware (up to version 2019-12), Dahuasecurity N42b2p Firmware (up to version 2019-12), Dahuasecurity N42b3p Firmware (up to version 2019-12), Dahuasecurity N52a4p Firmware (up to version 2019-12), Dahuasecurity N54a4p Firmware (up to version 2019-12), Dahuasecurity N52b2p Firmware (up to version 2019-12), Dahuasecurity N52b5p Firmware (up to version 2019-12), and Dahuasecurity N52b3p Firmware (up to version 2019-12).

What is the severity of CVE-2020-9500?

The severity of CVE-2020-9500 is medium with a CVSS score of 4.9.

How does CVE-2020-9500 work?

After a successful login with a legal account, an attacker can send a specific log query command to the vulnerable Dahua products, causing a Denial of Service (DoS) and potentially making the device go down.

Is there a fix for CVE-2020-9500?

Currently, there is no known fix or patch for CVE-2020-9500. It is recommended to follow the mitigation steps provided by the vendor and keep the affected products up to date.

Vulnerability/
CVE-2020-9500

medium

4.9

9/4/2020

4/8/2024

CVE-2020-9500

First published: Thu Apr 09 2020(Updated: )

Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.

Credit: cybersecurity@dahuatech.com

Affected Software	Affected Version	How to fix
Dahuasecurity Sd6al Firmware	<2019-12
Dahuasecurity Sd6al
Dahuasecurity Sd5a Firmware	<2019-12
Dahuasecurity Sd5a
Dahuasecurity Sd1a Firmware	<2019-12
Dahuasecurity Sd1a
Dahuasecurity Ptz1a Firmware	<2019-12
Dahuasecurity Ptz1a
Dahuasecurity Sd50 Firmware	<2019-12
Dahuasecurity Sd50
Dahuasecurity Sd52c Firmware	<2019-12
Dahuasecurity Sd52c
Dahuasecurity Ipc-hx5842h Firmware	<2019-12
Dahuasecurity Ipc-hx5842h
Dahuasecurity Ipc-hx7842h Firmware	<2019-12
Dahuasecurity Ipc-hx7842h
Dahuasecurity Ipc-hx2xxx Firmware	<2019-12
Dahuasecurity Ipc-hx2xxx
Dahuasecurity Ipc-hxxx5x4x Firmware	<2019-12
Dahuasecurity Ipc-hxxx5x4x
Dahuasecurity N42b1p Firmware	<2019-12
Dahuasecurity N42b1p
Dahuasecurity N42b2p Firmware	<2019-12
Dahuasecurity N42b2p
Dahuasecurity N42b3p Firmware	<2019-12
Dahuasecurity N42b3p
Dahuasecurity N52a4p Firmware	<2019-12
Dahuasecurity N52a4p
Dahuasecurity N54a4p Firmware	<2019-12
Dahua N54a4p
Dahuasecurity N52b2p Firmware	<2019-12
Dahuasecurity N52b2p
Dahuasecurity N52b5p Firmware	<2019-12
Dahuasecurity N52b5p
Dahuasecurity N52b3p Firmware	<2019-12
Dahuasecurity N52b3p
Dahuasecurity N54b2p Firmware	<2019-12
Dahuasecurity N54b2p

Never miss a vulnerability like this again

Reference Links

https://www.dahuasecurity.com/support/cybersecurity/details/727

Frequently Asked Questions

What is CVE-2020-9500?
CVE-2020-9500 is a vulnerability that affects some products of Dahua, allowing an attacker to cause a Denial of Service (DoS) by sending a specific log query command after a successful login.
Which products of Dahua are affected by CVE-2020-9500?
The following Dahua products are affected by CVE-2020-9500: Dahuasecurity Sd6al Firmware (up to version 2019-12), Dahuasecurity Sd5a Firmware (up to version 2019-12), Dahuasecurity Sd1a Firmware (up to version 2019-12), Dahuasecurity Ptz1a Firmware (up to version 2019-12), Dahuasecurity Sd50 Firmware (up to version 2019-12), Dahuasecurity Sd52c Firmware (up to version 2019-12), Dahuasecurity Ipc-hx5842h Firmware (up to version 2019-12), Dahuasecurity Ipc-hx7842h Firmware (up to version 2019-12), Dahuasecurity Ipc-hx2xxx Firmware (up to version 2019-12), Dahuasecurity Ipc-hxxx5x4x Firmware (up to version 2019-12), Dahuasecurity N42b1p Firmware (up to version 2019-12), Dahuasecurity N42b2p Firmware (up to version 2019-12), Dahuasecurity N42b3p Firmware (up to version 2019-12), Dahuasecurity N52a4p Firmware (up to version 2019-12), Dahuasecurity N54a4p Firmware (up to version 2019-12), Dahuasecurity N52b2p Firmware (up to version 2019-12), Dahuasecurity N52b5p Firmware (up to version 2019-12), and Dahuasecurity N52b3p Firmware (up to version 2019-12).
What is the severity of CVE-2020-9500?
The severity of CVE-2020-9500 is medium with a CVSS score of 4.9.
How does CVE-2020-9500 work?
After a successful login with a legal account, an attacker can send a specific log query command to the vulnerable Dahua products, causing a Denial of Service (DoS) and potentially making the device go down.
Is there a fix for CVE-2020-9500?
Currently, there is no known fix or patch for CVE-2020-9500. It is recommended to follow the mitigation steps provided by the vendor and keep the affected products up to date.

collector/nvd-index
agent/author
agent/severity
agent/references
agent/type
agent/event
agent/description
agent/tags
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/dahuasecurity
canonical/dahuasecurity sd6al firmware
canonical/dahuasecurity sd6al
canonical/dahuasecurity sd5a firmware
canonical/dahuasecurity sd5a
canonical/dahuasecurity sd1a firmware
canonical/dahuasecurity sd1a
canonical/dahuasecurity ptz1a firmware
canonical/dahuasecurity ptz1a
canonical/dahuasecurity sd50 firmware
canonical/dahuasecurity sd50
canonical/dahuasecurity sd52c firmware
canonical/dahuasecurity sd52c
canonical/dahuasecurity ipc-hx5842h firmware
canonical/dahuasecurity ipc-hx5842h
canonical/dahuasecurity ipc-hx7842h firmware
canonical/dahuasecurity ipc-hx7842h
canonical/dahuasecurity ipc-hx2xxx firmware
canonical/dahuasecurity ipc-hx2xxx
canonical/dahuasecurity ipc-hxxx5x4x firmware
canonical/dahuasecurity ipc-hxxx5x4x
canonical/dahuasecurity n42b1p firmware
canonical/dahuasecurity n42b1p
canonical/dahuasecurity n42b2p firmware
canonical/dahuasecurity n42b2p
canonical/dahuasecurity n42b3p firmware
canonical/dahuasecurity n42b3p
canonical/dahuasecurity n52a4p firmware
canonical/dahuasecurity n52a4p
canonical/dahuasecurity n54a4p firmware
vendor/dahua
canonical/dahua n54a4p
canonical/dahuasecurity n52b2p firmware
canonical/dahuasecurity n52b2p
canonical/dahuasecurity n52b5p firmware
canonical/dahuasecurity n52b5p
canonical/dahuasecurity n52b3p firmware
canonical/dahuasecurity n52b3p
canonical/dahuasecurity n54b2p firmware
canonical/dahuasecurity n54b2p