Vulnerability Description
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Sd6Al Firmware | < 2019-12 |
| Dahuasecurity | Sd6Al | - |
| Dahuasecurity | Sd5A Firmware | < 2019-12 |
| Dahuasecurity | Sd5A | - |
| Dahuasecurity | Sd1A Firmware | < 2019-12 |
| Dahuasecurity | Sd1A | - |
| Dahuasecurity | Ptz1A Firmware | < 2019-12 |
| Dahuasecurity | Ptz1A | - |
| Dahuasecurity | Sd50 Firmware | < 2019-12 |
| Dahuasecurity | Sd50 | - |
| Dahuasecurity | Sd52C Firmware | < 2019-12 |
| Dahuasecurity | Sd52C | - |
| Dahuasecurity | Ipc-Hx5842H Firmware | < 2019-12 |
| Dahuasecurity | Ipc-Hx5842H | - |
| Dahuasecurity | Ipc-Hx7842H Firmware | < 2019-12 |
| Dahuasecurity | Ipc-Hx7842H | - |
| Dahuasecurity | Ipc-Hx2Xxx Firmware | < 2019-12 |
| Dahuasecurity | Ipc-Hx2Xxx | - |
| Dahuasecurity | Ipc-Hxxx5X4X Firmware | < 2019-12 |
| Dahuasecurity | Ipc-Hxxx5X4X | - |
References
- https://www.dahuasecurity.com/support/cybersecurity/details/727Vendor Advisory
- https://www.dahuasecurity.com/support/cybersecurity/details/727Vendor Advisory
FAQ
What is CVE-2020-9500?
CVE-2020-9500 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
How severe is CVE-2020-9500?
CVE-2020-9500 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9500?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Sd6Al Firmware, Dahuasecurity Sd6Al, Dahuasecurity Sd5A Firmware, Dahuasecurity Sd5A, Dahuasecurity Sd1A Firmware.