CRITICAL · 9.8

CVE-2020-9502


Vulnerability Description

Some Dahua products with a build time before December 2019 have a predictable Session ID vulnerability. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor         Product                    Versions
Dahuasecurity  Sd6Al Firmware             < 2019-12
Dahuasecurity  Sd6Al                      -
Dahuasecurity  Sd5A Firmware              < 2019-12
Dahuasecurity  Sd5A                       -
Dahuasecurity  Sd1A Firmware              < 2019-12
Dahuasecurity  Sd1A                       -
Dahuasecurity  Ptz1A Firmware             < 2019-12
Dahuasecurity  Ptz1A                      -
Dahuasecurity  Sd50 Firmware              < 2019-12
Dahuasecurity  Sd50                       -
Dahuasecurity  Sd52C Firmware             < 2019-12
Dahuasecurity  Sd52C                      -
Dahuasecurity  Ipc-Hx5842H Firmware       < 2019-12
Dahuasecurity  Ipc-Hx5842H                -
Dahuasecurity  Ipc-Hx7842H Firmware       < 2019-12
Dahuasecurity  Ipc-Hx7842H                -
Dahuasecurity  Ipc-Hx2Xxx Firmware        < 2019-12
Dahuasecurity  Ipc-Hx2Xxx                 -
Dahuasecurity  Ipc-Hxxx5X4X Firmware      < 2019-12
Dahuasecurity  Ipc-Hxxx5X4X               -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-9502?

CVE-2020-9502 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Some Dahua products with a build time before December 2019 have a predictable Session ID vulnerability. During normal user access, an attacker can use the predicted Session ID to construct a data packet...

How severe is CVE-2020-9502?

CVE-2020-9502 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-9502?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Sd6Al Firmware, Dahuasecurity Sd6Al, Dahuasecurity Sd5A Firmware, Dahuasecurity Sd5A, Dahuasecurity Sd1A Firmware.