Denial of Service Vulnerability in Dahua Security Products
CVE-2020-9500

4.9MEDIUM

Key Information:

Vendor: Dahuasecurity
Status: Ipc-hx2xxx Series,ipc-hxxx5x4x Series,ipc-hx5842h,ipc-hx7842h,nvr 5x Series,nvr 4x Series,sd6al Series,sd5a Series,sd1a Series,ptz1a Series,sd50/52c Series
Vendor: CVE Published:; 9 April 2020

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2020-9500?

Dahua security products are exposed to a denial of service vulnerability which can be exploited post-authentication. An attacker, upon logging in with valid credentials, can execute a specific log query command that disrupts the functionality of the device, potentially causing it to become unavailable. This vulnerability highlights the need for robust security practices and timely updates to safeguard against such threats.

Affected Version(s)

IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series Versions which Build time before December,2019

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2020
Vulnerability Reserved
Mar 1, 2020

CVE-2020-9500 Data

JSON