critical
9.8
CWE
330
Advisory Published
Updated

CVE-2020-9502

First published: Wed May 13 2020(Updated: )

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

Credit: cybersecurity@dahuatech.com

Affected SoftwareAffected VersionHow to fix
Dahua Security SD6AL Firmware<2019-12
Dahua Security SD6AL
Dahua Security SD5A Firmware<2019-12
Dahua Security SD5A Firmware
Dahuasecurity Sd1a1<2019-12
Dahuasecurity SD1A
Dahua Security PTZ1A<2019-12
Dahua Security PTZ1A
Dahuasecurity Sd50 Firmware<2019-12
Dahuasecurity Sd50 Firmware
Dahuasecurity Sd52c Firmware<2019-12
Dahuasecurity Sd52c Firmware
Dahuasecurity IPC-HX5842H<2019-12
Dahuasecurity IPC-HX5842H
Dahuasecurity IPC-HX7842H<2019-12
Dahuasecurity IPC-HX7842H Firmware
Dahuasecurity IPC-HX2XXX<2019-12
Dahuasecurity IPC-HX2XXX Firmware
Dahua IPC-HXXX5X4X<2019-12
Dahua IPC-HXXX5X4X
Dahua Security N42B1P Firmware<2019-12
Dahua Security N42B1P Firmware
Dahuasecurity N42b2p<2019-12
Dahuasecurity N42b2p Firmware
Dahuasecurity N42B3P<2019-12
Dahuasecurity N42b3p Firmware
Dahua Security N52A4P Firmware<2019-12
Dahua Security N52A4P Firmware
Dahua N54a4p<2019-12
Dahuasecurity N54a4p Firmware
Dahuasecurity N52b2p<2019-12
Dahuasecurity N52b2p Firmware
Dahua N52B5P Firmware<2019-12
Dahua N52B5P Firmware
Dahua N52B3P<2019-12
Dahua N52B3P
Dahuasecurity N54b2p<2019-12
Dahuasecurity N54b2p Firmware
Dahua Security IPC-HDBW1320E-W<2019-12
Dahuasecurity IPC-HDBW1320E-W Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-9502?

    CVE-2020-9502 is a vulnerability found in some Dahua products with build time before December 2019, which allows attackers to use a predictable Session ID to construct a data packet to attack the device.

  • Which Dahua products are affected by CVE-2020-9502?

    Some Dahua products with build time before December 2019 are affected by CVE-2020-9502, including Dahuasecurity Sd6al Firmware, Dahuasecurity Sd5a Firmware, Dahuasecurity Sd1a Firmware, Dahuasecurity Ptz1a Firmware, Dahuasecurity Sd50 Firmware, Dahuasecurity Sd52.c Firmware, Dahuasecurity Ipc-hx5842h Firmware, Dahuasecurity Ipc-hx7842h Firmware, Dahuasecurity Ipc-hx2xxx Firmware, Dahuasecurity Ipc-hxxx5x4x Firmware, Dahuasecurity N42b1p Firmware, Dahuasecurity N42b2p Firmware, Dahuasecurity N42b3p Firmware, Dahuasecurity N52a4p Firmware, Dahuasecurity N54a4p Firmware, Dahuasecurity N52b2p Firmware, Dahuasecurity N52b5p Firmware, Dahuasecurity N52b3p Firmware, Dahuasecurity N54b2p Firmware, and Dahuasecurity Ipc-hdbw1320e-w Firmware.

  • What is the severity of CVE-2020-9502?

    The severity of CVE-2020-9502 is critical, with a CVSS score of 9.8.

  • How can an attacker exploit CVE-2020-9502?

    An attacker can exploit CVE-2020-9502 by using the predicted Session ID to construct a data packet to launch an attack on the device.

  • Where can I find more information about CVE-2020-9502?

    You can find more information about CVE-2020-9502 on the Dahua Security website at the following link: [https://www.dahuasecurity.com/support/cybersecurity/details/777](https://www.dahuasecurity.com/support/cybersecurity/details/777)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203