Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-9527
HistoryAug 10, 2020 - 4:15 p.m.

CVE-2020-9527

2020-08-1016:15:12
CWE-120
[email protected]
web.nvd.nist.gov
2
cve-2020-9527
shenzhen hichip vision technology
buffer overflow
internet of things
p2p service
accfly
alptop
anlink
besdersec
boavision
cooau
cpvan
ctronics
d3d security
dericam
elex system
elite security
enster
epges
escam
floureon
genbolt
hongjingtian (hjt)
icami
iegeek
jecurity
jennov
kkmoon
leftek
loosafe
luowice
nesuniq
nettoly
proelite
qzt
royallite
sdeter
sv3c
sy2l
tenvis
thinkvalue
tomlov
tptek
wgcc
zilink

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.01

Percentile

83.5%

JSON

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20, after 2018-08-09 through 2020), as used by many different vendors in millions of Internet of Things devices, suffers from buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code via the peer-to-peer (P2P) service. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK.

Affected configurations

Nvd
Node
hichipshenzhen_hichip_vision_technology_firmwareRange<2020-06-29
VendorProductVersionCPE
hichipshenzhen_hichip_vision_technology_firmware*cpe:2.3:o:hichip:shenzhen_hichip_vision_technology_firmware:*:*:*:*:*:*:*:*

Related

cvelist 1
cve 1
prion 1
cvelist
cvelist
CVE-2020-9527
2020-08-10 15:24:50
cve
cve
CVE-2020-9527
2020-08-10 16:15:12
prion
prion
Buffer overflow
2020-08-10 16:15:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.01

Percentile

83.5%

JSON
Related for NVD:CVE-2020-9527
cvelist1cve1prion1