Vulnerabilites related to dahuasecurity - sd1a_firmware
cve-2019-9682
Vulnerability from cvelistv5
Published
2020-05-13 15:10
Modified
2024-08-04 21:54
Severity ?
Summary
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T21:54:45.174Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HDBW1320E-W",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Versions which Build time before December,2019",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Replay Attacks",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-13T15:10:43",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2019-9682",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HDBW1320E-W",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions which Build time before December,2019",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Replay Attacks",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2019-9682",
      datePublished: "2020-05-13T15:10:43",
      dateReserved: "2019-03-11T00:00:00",
      dateUpdated: "2024-08-04T21:54:45.174Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9502
Vulnerability from cvelistv5
Published
2020-05-13 15:21
Modified
2024-08-04 10:34
Severity ?
Summary
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:34:38.156Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HFW1431S",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Versions which Build time before December,2019",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Session hijacking",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-13T15:21:12",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2020-9502",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HFW1431S",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions which Build time before December,2019",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Session hijacking",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2020-9502",
      datePublished: "2020-05-13T15:21:12",
      dateReserved: "2020-03-01T00:00:00",
      dateUpdated: "2024-08-04T10:34:38.156Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9500
Vulnerability from cvelistv5
Published
2020-04-09 13:21
Modified
2024-08-04 10:34
Severity ?
Summary
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:34:37.927Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Versions which Build time before December,2019",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-09T13:21:01",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2020-9500",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions which Build time before December,2019",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2020-9500",
      datePublished: "2020-04-09T13:21:01",
      dateReserved: "2020-03-01T00:00:00",
      dateUpdated: "2024-08-04T10:34:37.927Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-9499
Vulnerability from cvelistv5
Published
2020-04-09 13:19
Modified
2024-08-04 10:34
Severity ?
Summary
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T10:34:38.218Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Versions which Build time before December,2019",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-09T13:19:23",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2020-9499",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Versions which Build time before December,2019",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2020-9499",
      datePublished: "2020-04-09T13:19:23",
      dateReserved: "2020-03-01T00:00:00",
      dateUpdated: "2024-08-04T10:34:38.218Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2020-04-09 14:15
Modified
2024-11-21 05:40
Summary
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CE773D-CA5F-483C-B20C-DAD30A590DDD",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083AE420-CAF9-4A2A-8C76-79DD590FA191",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE24474-EF35-4475-99DD-4B54D6AF0B2D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A075994-60D1-40B7-9EF6-8048CBC18764",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A3C5893-E1D0-4E06-9F7F-058B657E4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F78D2E9E-9909-4130-A146-CA861F7DF341",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19B57B9D-0729-48E0-892B-E39AE1F89AB4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CD222C-C95A-4D5E-A763-5D2F74EAEC04",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECBC0BF-171E-49FD-B6AF-CC7B29D39FB7",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E8CB654-0526-4E7A-8984-8350B39BB4DF",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "724F4B7D-C8C1-4914-B1D6-B4CB9B1F4093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AEBFC1D-9F25-4FDB-A191-D7D6C1C6E234",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6E27D8-C608-49E7-8284-5196EDB428DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A046C7EA-F954-4F36-9ED3-DBA84F1FB2D3",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD8DCD2-5CEA-420F-860C-11B469D9FF8F",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F051A1A0-E841-42E7-92A3-E45E4017DCDE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F092AA97-7184-4499-BB83-D6204BD4621B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB3A7FD-63A2-423C-912F-E2E5B4690CF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B3C5F-CE9D-4FFA-B485-11A8D675F006",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B0FAFA-BEF4-4196-A4BC-4CFD6DCF4986",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D0E03DE-1BFA-43AD-9AC6-72A1A1545D4B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51E9FED-4929-42CC-AA6F-BFF61E8F88C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F20B6467-53DC-4DC6-BCC2-6B6B33ABD65D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41CE1D-1A97-4549-A849-D06F78858CA3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFA91720-5AE4-48B6-A940-A4DBE650591D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D871578A-E282-4AEE-8B7E-5F52011FA9CA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD4FD87-1D74-4895-AA89-D26541A55433",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7936F0A3-F6DF-47B2-898E-DBE68B369633",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5136C6-2355-4782-BF9C-0874DC5B0CDA",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "195D7533-B2EF-4BC2-B6D6-0B141FB90090",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7180D6E1-6F7F-4EAD-BD51-02C029EFB034",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D1AD58-447D-4D30-B9CF-48B5CB743C2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEC0287A-824B-46D0-84AB-54BEEF90E16B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5667962D-1A47-4D77-95A4-6B34F8863761",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.",
      },
      {
         lang: "es",
         value: "Algunos productos Dahua presentan vulnerabilidades de desbordamiento de búfer. Después del inicio de sesión con éxito de la cuenta legal, el atacante envía un comando de prueba DDNS específico, que puede hacer que el dispositivo se caiga.",
      },
   ],
   id: "CVE-2020-9499",
   lastModified: "2024-11-21T05:40:46.800",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-09T14:15:13.213",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-05-13 16:15
Modified
2024-11-21 04:52
Summary
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CE773D-CA5F-483C-B20C-DAD30A590DDD",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083AE420-CAF9-4A2A-8C76-79DD590FA191",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE24474-EF35-4475-99DD-4B54D6AF0B2D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A075994-60D1-40B7-9EF6-8048CBC18764",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A3C5893-E1D0-4E06-9F7F-058B657E4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F78D2E9E-9909-4130-A146-CA861F7DF341",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19B57B9D-0729-48E0-892B-E39AE1F89AB4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CD222C-C95A-4D5E-A763-5D2F74EAEC04",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECBC0BF-171E-49FD-B6AF-CC7B29D39FB7",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E8CB654-0526-4E7A-8984-8350B39BB4DF",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "724F4B7D-C8C1-4914-B1D6-B4CB9B1F4093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AEBFC1D-9F25-4FDB-A191-D7D6C1C6E234",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6E27D8-C608-49E7-8284-5196EDB428DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A046C7EA-F954-4F36-9ED3-DBA84F1FB2D3",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD8DCD2-5CEA-420F-860C-11B469D9FF8F",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F051A1A0-E841-42E7-92A3-E45E4017DCDE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F092AA97-7184-4499-BB83-D6204BD4621B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB3A7FD-63A2-423C-912F-E2E5B4690CF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B3C5F-CE9D-4FFA-B485-11A8D675F006",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B0FAFA-BEF4-4196-A4BC-4CFD6DCF4986",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D0E03DE-1BFA-43AD-9AC6-72A1A1545D4B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51E9FED-4929-42CC-AA6F-BFF61E8F88C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F20B6467-53DC-4DC6-BCC2-6B6B33ABD65D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41CE1D-1A97-4549-A849-D06F78858CA3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFA91720-5AE4-48B6-A940-A4DBE650591D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D479D171-7F30-4D6B-8A49-0A3967103B94",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD4FD87-1D74-4895-AA89-D26541A55433",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7936F0A3-F6DF-47B2-898E-DBE68B369633",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5136C6-2355-4782-BF9C-0874DC5B0CDA",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "195D7533-B2EF-4BC2-B6D6-0B141FB90090",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7180D6E1-6F7F-4EAD-BD51-02C029EFB034",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D1AD58-447D-4D30-B9CF-48B5CB743C2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEC0287A-824B-46D0-84AB-54BEEF90E16B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5667962D-1A47-4D77-95A4-6B34F8863761",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hdbw1320e-w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBF6051-B1DF-4028-ADC1-CF3820C1CA71",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hdbw1320e-w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F221BD07-E754-4355-B031-A95147905815",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.",
      },
      {
         lang: "es",
         value: "Los dispositivos Dahua con tiempo de Compilación antes de diciembre de 2019, usan un modo de inicio de sesión de seguridad fuerte por defecto, pero en función de ser compatibles con el inicio de sesión normal de los primeros dispositivos, algunos dispositivos conservan el modo de inicio de sesión de seguridad débil que los usuarios pueden controlar. Si el usuario usa un método de inicio de sesión de seguridad débil, un atacante puede monitorear la red del dispositivo para interceptar los paquetes de red para atacar el dispositivo. Por lo tanto, es recomendado que el usuario desactive este método de inicio de sesión.",
      },
   ],
   id: "CVE-2019-9682",
   lastModified: "2024-11-21T04:52:06.380",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-05-13T16:15:12.870",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/767",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-276",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-04-09 14:15
Modified
2024-11-21 05:40
Summary
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CE773D-CA5F-483C-B20C-DAD30A590DDD",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083AE420-CAF9-4A2A-8C76-79DD590FA191",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE24474-EF35-4475-99DD-4B54D6AF0B2D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A075994-60D1-40B7-9EF6-8048CBC18764",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A3C5893-E1D0-4E06-9F7F-058B657E4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F78D2E9E-9909-4130-A146-CA861F7DF341",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19B57B9D-0729-48E0-892B-E39AE1F89AB4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CD222C-C95A-4D5E-A763-5D2F74EAEC04",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECBC0BF-171E-49FD-B6AF-CC7B29D39FB7",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E8CB654-0526-4E7A-8984-8350B39BB4DF",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "724F4B7D-C8C1-4914-B1D6-B4CB9B1F4093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AEBFC1D-9F25-4FDB-A191-D7D6C1C6E234",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6E27D8-C608-49E7-8284-5196EDB428DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A046C7EA-F954-4F36-9ED3-DBA84F1FB2D3",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD8DCD2-5CEA-420F-860C-11B469D9FF8F",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F051A1A0-E841-42E7-92A3-E45E4017DCDE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F092AA97-7184-4499-BB83-D6204BD4621B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB3A7FD-63A2-423C-912F-E2E5B4690CF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B3C5F-CE9D-4FFA-B485-11A8D675F006",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B0FAFA-BEF4-4196-A4BC-4CFD6DCF4986",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D0E03DE-1BFA-43AD-9AC6-72A1A1545D4B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51E9FED-4929-42CC-AA6F-BFF61E8F88C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F20B6467-53DC-4DC6-BCC2-6B6B33ABD65D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41CE1D-1A97-4549-A849-D06F78858CA3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFA91720-5AE4-48B6-A940-A4DBE650591D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahua:n54a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D871578A-E282-4AEE-8B7E-5F52011FA9CA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD4FD87-1D74-4895-AA89-D26541A55433",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7936F0A3-F6DF-47B2-898E-DBE68B369633",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5136C6-2355-4782-BF9C-0874DC5B0CDA",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "195D7533-B2EF-4BC2-B6D6-0B141FB90090",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7180D6E1-6F7F-4EAD-BD51-02C029EFB034",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D1AD58-447D-4D30-B9CF-48B5CB743C2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEC0287A-824B-46D0-84AB-54BEEF90E16B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5667962D-1A47-4D77-95A4-6B34F8863761",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.",
      },
      {
         lang: "es",
         value: "Algunos productos de Dahua presentan vulnerabilidades de denegación de servicio. Después del inicio de sesión con éxito de la cuenta legal, el atacante envía un comando de consulta de registro específico, lo que puede causar que el dispositivo se caiga.",
      },
   ],
   id: "CVE-2020-9500",
   lastModified: "2024-11-21T05:40:46.927",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 4.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-04-09T14:15:13.260",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/727",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-05-13 16:15
Modified
2024-11-21 05:40
Severity ?
Summary
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1CE773D-CA5F-483C-B20C-DAD30A590DDD",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "083AE420-CAF9-4A2A-8C76-79DD590FA191",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1EE24474-EF35-4475-99DD-4B54D6AF0B2D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A075994-60D1-40B7-9EF6-8048CBC18764",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A3C5893-E1D0-4E06-9F7F-058B657E4493",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F78D2E9E-9909-4130-A146-CA861F7DF341",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "19B57B9D-0729-48E0-892B-E39AE1F89AB4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CD222C-C95A-4D5E-A763-5D2F74EAEC04",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECBC0BF-171E-49FD-B6AF-CC7B29D39FB7",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9E8CB654-0526-4E7A-8984-8350B39BB4DF",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "724F4B7D-C8C1-4914-B1D6-B4CB9B1F4093",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx7842h_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AEBFC1D-9F25-4FDB-A191-D7D6C1C6E234",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx7842h:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D6E27D8-C608-49E7-8284-5196EDB428DB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A046C7EA-F954-4F36-9ED3-DBA84F1FB2D3",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hxxx5x4x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD8DCD2-5CEA-420F-860C-11B469D9FF8F",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hxxx5x4x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F051A1A0-E841-42E7-92A3-E45E4017DCDE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b1p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F092AA97-7184-4499-BB83-D6204BD4621B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b1p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB3A7FD-63A2-423C-912F-E2E5B4690CF1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "855B3C5F-CE9D-4FFA-B485-11A8D675F006",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B0FAFA-BEF4-4196-A4BC-4CFD6DCF4986",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n42b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D0E03DE-1BFA-43AD-9AC6-72A1A1545D4B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n42b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51E9FED-4929-42CC-AA6F-BFF61E8F88C0",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F20B6467-53DC-4DC6-BCC2-6B6B33ABD65D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB41CE1D-1A97-4549-A849-D06F78858CA3",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54a4p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFA91720-5AE4-48B6-A940-A4DBE650591D",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54a4p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D479D171-7F30-4D6B-8A49-0A3967103B94",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACD4FD87-1D74-4895-AA89-D26541A55433",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7936F0A3-F6DF-47B2-898E-DBE68B369633",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b5p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D5136C6-2355-4782-BF9C-0874DC5B0CDA",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b5p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "195D7533-B2EF-4BC2-B6D6-0B141FB90090",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n52b3p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7180D6E1-6F7F-4EAD-BD51-02C029EFB034",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n52b3p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "03D1AD58-447D-4D30-B9CF-48B5CB743C2B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:n54b2p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AEC0287A-824B-46D0-84AB-54BEEF90E16B",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:n54b2p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5667962D-1A47-4D77-95A4-6B34F8863761",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hdbw1320e-w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CBF6051-B1DF-4028-ADC1-CF3820C1CA71",
                     versionEndExcluding: "2019-12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hdbw1320e-w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F221BD07-E754-4355-B031-A95147905815",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.",
      },
      {
         lang: "es",
         value: "Algunos productos Dahua con tiempo de Compilación antes de diciembre de 2019 presentan vulnerabilidades predecibles del ID de Sesión. Durante un acceso de usuario normal, un atacante puede usar el ID de Sesión previsto para construir un paquete de datos para atacar el dispositivo.",
      },
   ],
   id: "CVE-2020-9502",
   lastModified: "2024-11-21T05:40:47.147",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-05-13T16:15:13.277",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/777",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-330",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}