critical
9.8
CWE
330
Advisory Published
Updated

CVE-2020-9502

First published: Wed May 13 2020(Updated: )

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

Credit: cybersecurity@dahuatech.com

Affected SoftwareAffected VersionHow to fix
Dahuasecurity Sd6al Firmware<2019-12
Dahuasecurity Sd6al
Dahuasecurity Sd5a Firmware<2019-12
Dahuasecurity Sd5a
Dahuasecurity Sd1a Firmware<2019-12
Dahuasecurity Sd1a
Dahuasecurity Ptz1a Firmware<2019-12
Dahuasecurity Ptz1a
Dahuasecurity Sd50 Firmware<2019-12
Dahuasecurity Sd50
Dahuasecurity Sd52c Firmware<2019-12
Dahuasecurity Sd52c
Dahuasecurity Ipc-hx5842h Firmware<2019-12
Dahuasecurity Ipc-hx5842h
Dahuasecurity Ipc-hx7842h Firmware<2019-12
Dahuasecurity Ipc-hx7842h
Dahuasecurity Ipc-hx2xxx Firmware<2019-12
Dahuasecurity Ipc-hx2xxx
Dahuasecurity Ipc-hxxx5x4x Firmware<2019-12
Dahuasecurity Ipc-hxxx5x4x
Dahuasecurity N42b1p Firmware<2019-12
Dahuasecurity N42b1p
Dahuasecurity N42b2p Firmware<2019-12
Dahuasecurity N42b2p
Dahuasecurity N42b3p Firmware<2019-12
Dahuasecurity N42b3p
Dahuasecurity N52a4p Firmware<2019-12
Dahuasecurity N52a4p
Dahuasecurity N54a4p Firmware<2019-12
Dahuasecurity N54a4p
Dahuasecurity N52b2p Firmware<2019-12
Dahuasecurity N52b2p
Dahuasecurity N52b5p Firmware<2019-12
Dahuasecurity N52b5p
Dahuasecurity N52b3p Firmware<2019-12
Dahuasecurity N52b3p
Dahuasecurity N54b2p Firmware<2019-12
Dahuasecurity N54b2p
Dahuasecurity Ipc-hdbw1320e-w Firmware<2019-12
Dahuasecurity Ipc-hdbw1320e-w

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-9502?

    CVE-2020-9502 is a vulnerability found in some Dahua products with build time before December 2019, which allows attackers to use a predictable Session ID to construct a data packet to attack the device.

  • Which Dahua products are affected by CVE-2020-9502?

    Some Dahua products with build time before December 2019 are affected by CVE-2020-9502, including Dahuasecurity Sd6al Firmware, Dahuasecurity Sd5a Firmware, Dahuasecurity Sd1a Firmware, Dahuasecurity Ptz1a Firmware, Dahuasecurity Sd50 Firmware, Dahuasecurity Sd52.c Firmware, Dahuasecurity Ipc-hx5842h Firmware, Dahuasecurity Ipc-hx7842h Firmware, Dahuasecurity Ipc-hx2xxx Firmware, Dahuasecurity Ipc-hxxx5x4x Firmware, Dahuasecurity N42b1p Firmware, Dahuasecurity N42b2p Firmware, Dahuasecurity N42b3p Firmware, Dahuasecurity N52a4p Firmware, Dahuasecurity N54a4p Firmware, Dahuasecurity N52b2p Firmware, Dahuasecurity N52b5p Firmware, Dahuasecurity N52b3p Firmware, Dahuasecurity N54b2p Firmware, and Dahuasecurity Ipc-hdbw1320e-w Firmware.

  • What is the severity of CVE-2020-9502?

    The severity of CVE-2020-9502 is critical, with a CVSS score of 9.8.

  • How can an attacker exploit CVE-2020-9502?

    An attacker can exploit CVE-2020-9502 by using the predicted Session ID to construct a data packet to launch an attack on the device.

  • Where can I find more information about CVE-2020-9502?

    You can find more information about CVE-2020-9502 on the Dahua Security website at the following link: [https://www.dahuasecurity.com/support/cybersecurity/details/777](https://www.dahuasecurity.com/support/cybersecurity/details/777)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203