Information Disclosure Vulnerability in Dahua Web P2P Control
CVE-2020-9501

5.5MEDIUM

Key Information:

Vendor: Dahuasecurity
Status: Web P2p Control,p2p Plartform Server,client Tools
Vendor: CVE Published:; 13 May 2020

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2020-9501?

The Dahua Web P2P Control vulnerability allows attackers to obtain sensitive Cloud Key information through specific methods. This Cloud Key is crucial for authenticating connections between client tools and the Dahua platform. If compromised, an attacker could leverage the leaked Cloud Key to impersonate legitimate clients, potentially leading to unauthorized access and increased consumption of server resources. Affected versions include those built before April 2020. Ensuring updates are applied is essential for protecting against this vulnerability.

Affected Version(s)

Web P2P control,P2P plartform server,client tools Versions which Build time before April,2020

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2020
Vulnerability Reserved
Mar 1, 2020

CVE-2020-9501 Data

JSON