Predictable Session ID Vulnerability in Dahua Products
CVE-2020-9502

9.8CRITICAL

Key Information:

Vendor: Dahuasecurity
Status: Ipc-hx2xxx Series,ipc-hxxx5x4x Series,ipc-hx5842h,ipc-hx7842h,nvr 5x Series,nvr 4x Series,sd6al Series,sd5a Series,sd1a Series,ptz1a Series,sd50/52c Series,ipc-hfw1431s
Vendor: CVE Published:; 13 May 2020

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2020-9502?

Certain Dahua security devices, manufactured before December 2019, exhibit a predictable Session ID vulnerability. This flaw allows attackers to exploit predictable session identifiers during normal user interactions, enabling unauthorized access to sensitive device data by constructing crafted data packets. This vulnerability underscores the necessity for users to ensure their systems are updated and secured against such predictable attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HFW1431S Versions which Build time before December,2019

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 13, 2020
Vulnerability Reserved
Mar 1, 2020

JSON

Dahuasecurity

What is CVE-2020-9502?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.