Vulnerability Description
Some Dahua products have buffer overflow vulnerabilities. After successfully logging in with a legitimate account, an attacker can send a specific DDNS test command that may cause the device to go down.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Sd6Al Firmware | < 2019-12 |
| Dahuasecurity | Sd6Al | - |
| Dahuasecurity | Sd5A Firmware | < 2019-12 |
| Dahuasecurity | Sd5A | - |
| Dahuasecurity | Sd1A Firmware | < 2019-12 |
| Dahuasecurity | Sd1A | - |
| Dahuasecurity | Ptz1A Firmware | < 2019-12 |
| Dahuasecurity | Ptz1A | - |
| Dahuasecurity | Sd50 Firmware | < 2019-12 |
| Dahuasecurity | Sd50 | - |
| Dahuasecurity | Sd52C Firmware | < 2019-12 |
| Dahuasecurity | Sd52C | - |
| Dahuasecurity | Ipc-Hx5842H Firmware | < 2019-12 |
| Dahuasecurity | Ipc-Hx5842H | - |
| Dahuasecurity | Ipc-Hx7842H Firmware | < 2019-12 |
| Dahuasecurity | Ipc-Hx7842H | - |
| Dahuasecurity | Ipc-Hx2Xxx Firmware | < 2019-12 |
| Dahuasecurity | Ipc-Hx2Xxx | - |
| Dahuasecurity | Ipc-Hxxx5X4X Firmware | < 2019-12 |
| Dahuasecurity | Ipc-Hxxx5X4X | - |
Related Weaknesses (CWE)
References
- https://www.dahuasecurity.com/support/cybersecurity/details/727 (Vendor Advisory)
FAQ
What is CVE-2020-9499?
CVE-2020-9499 is a vulnerability with a CVSS score of 7.2 (HIGH). Some Dahua products have buffer overflow vulnerabilities. After successfully logging in with a legitimate account, an attacker can send a specific DDNS test command that may cause the device to go down.
How severe is CVE-2020-9499?
CVE-2020-9499 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-9499?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Sd6Al Firmware, Dahuasecurity Sd6Al, Dahuasecurity Sd5A Firmware, Dahuasecurity Sd5A, Dahuasecurity Sd1A Firmware.