Lucene search

DahuaCVE-2020-9500

HistoryApr 09, 2020 - 2:15 p.m.

CVE-2020-9500

2020-04-0914:15:13

dahua

web.nvd.nist.gov

dahua

cve-2020-9500

dos vulnerability

log query command

security issue

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.

Affected configurations

Nvd

Node

dahuasecuritysd6al_firmwareRange<2019-12

AND

dahuasecuritysd6alMatch-

Node

dahuasecuritysd5a_firmwareRange<2019-12

AND

dahuasecuritysd5aMatch-

Node

dahuasecuritysd1a_firmwareRange<2019-12

AND

dahuasecuritysd1aMatch-

Node

dahuasecurityptz1a_firmwareRange<2019-12

AND

dahuasecurityptz1aMatch-

Node

dahuasecuritysd50_firmwareRange<2019-12

AND

dahuasecuritysd50Match-

Node

dahuasecuritysd52c_firmwareRange<2019-12

AND

dahuasecuritysd52cMatch-

Node

dahuasecurityipc-hx5842h_firmwareRange<2019-12

AND

dahuasecurityipc-hx5842hMatch-

Node

dahuasecurityipc-hx7842h_firmwareRange<2019-12

AND

dahuasecurityipc-hx7842hMatch-

Node

dahuasecurityipc-hx2xxx_firmwareRange<2019-12

AND

dahuasecurityipc-hx2xxxMatch-

Node

dahuasecurityipc-hxxx5x4x_firmwareRange<2019-12

AND

dahuasecurityipc-hxxx5x4xMatch-

Node

dahuasecurityn42b1p_firmwareRange<2019-12

AND

dahuasecurityn42b1pMatch-

Node

dahuasecurityn42b2p_firmwareRange<2019-12

AND

dahuasecurityn42b2pMatch-

Node

dahuasecurityn42b3p_firmwareRange<2019-12

AND

dahuasecurityn42b3pMatch-

Node

dahuasecurityn52a4p_firmwareRange<2019-12

AND

dahuasecurityn52a4pMatch-

Node

dahuasecurityn54a4p_firmwareRange<2019-12

AND

dahuan54a4pMatch-

Node

dahuasecurityn52b2p_firmwareRange<2019-12

AND

dahuasecurityn52b2pMatch-

Node

dahuasecurityn52b5p_firmwareRange<2019-12

AND

dahuasecurityn52b5pMatch-

Node

dahuasecurityn52b3p_firmwareRange<2019-12

AND

dahuasecurityn52b3pMatch-

Node

dahuasecurityn54b2p_firmwareRange<2019-12

AND

dahuasecurityn54b2pMatch-

VendorProductVersionCPE
dahuasecuritysd6al_firmware*cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*
dahuasecuritysd6al-cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*
dahuasecuritysd5a_firmware*cpe:2.3:o:dahuasecurity:sd5a_firmware:*:*:*:*:*:*:*:*
dahuasecuritysd5a-cpe:2.3:h:dahuasecurity:sd5a:-:*:*:*:*:*:*:*
dahuasecuritysd1a_firmware*cpe:2.3:o:dahuasecurity:sd1a_firmware:*:*:*:*:*:*:*:*
dahuasecuritysd1a-cpe:2.3:h:dahuasecurity:sd1a:-:*:*:*:*:*:*:*
dahuasecurityptz1a_firmware*cpe:2.3:o:dahuasecurity:ptz1a_firmware:*:*:*:*:*:*:*:*
dahuasecurityptz1a-cpe:2.3:h:dahuasecurity:ptz1a:-:*:*:*:*:*:*:*
dahuasecuritysd50_firmware*cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*
dahuasecuritysd50-cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dahuasecurity	sd6al_firmware	*	cpe:2.3:o:dahuasecurity:sd6al_firmware::::::::
dahuasecurity	sd6al	-	cpe:2.3:h:dahuasecurity:sd6al:-:::::::*
dahuasecurity	sd5a_firmware	*	cpe:2.3:o:dahuasecurity:sd5a_firmware::::::::
dahuasecurity	sd5a	-	cpe:2.3:h:dahuasecurity:sd5a:-:::::::*
dahuasecurity	sd1a_firmware	*	cpe:2.3:o:dahuasecurity:sd1a_firmware::::::::
dahuasecurity	sd1a	-	cpe:2.3:h:dahuasecurity:sd1a:-:::::::*
dahuasecurity	ptz1a_firmware	*	cpe:2.3:o:dahuasecurity:ptz1a_firmware::::::::
dahuasecurity	ptz1a	-	cpe:2.3:h:dahuasecurity:ptz1a:-:::::::*
dahuasecurity	sd50_firmware	*	cpe:2.3:o:dahuasecurity:sd50_firmware::::::::
dahuasecurity	sd50	-	cpe:2.3:h:dahuasecurity:sd50:-:::::::*

Rows per page:

1-10 of 381

CNA Affected

[
  {
    "product": "IPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions which Build time before December,2019"
      }
    ]
  }
]

References

www.dahuasecurity.com/support/cybersecurity/details/727

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVE-2020-9500