Lucene search

[email protected]CVE-2020-9500

HistoryApr 09, 2020 - 2:15 p.m.

CVE-2020-9500

2020-04-0914:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

dahua

cve-2020-9500

dos vulnerability

log query command

security issue

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

34.0%

JSON

Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.

CPENameOperatorVersion
dahuasecurity:sd6al_firmwaredahuasecurity sd6al firmwarelt2019-12
dahuasecurity:sd5a_firmwaredahuasecurity sd5a firmwarelt2019-12
dahuasecurity:sd1a_firmwaredahuasecurity sd1a firmwarelt2019-12
dahuasecurity:ptz1a_firmwaredahuasecurity ptz1a firmwarelt2019-12
dahuasecurity:sd50_firmwaredahuasecurity sd50 firmwarelt2019-12
dahuasecurity:sd52c_firmwaredahuasecurity sd52c firmwarelt2019-12
dahuasecurity:ipc-hx5842h_firmwaredahuasecurity ipc-hx5842h firmwarelt2019-12
dahuasecurity:ipc-hx7842h_firmwaredahuasecurity ipc-hx7842h firmwarelt2019-12
dahuasecurity:ipc-hx2xxx_firmwaredahuasecurity ipc-hx2xxx firmwarelt2019-12
dahuasecurity:ipc-hxxx5x4x_firmwaredahuasecurity ipc-hxxx5x4x firmwarelt2019-12

CPE	Name	Operator	Version
dahuasecurity:sd6al_firmware	dahuasecurity sd6al firmware	lt	2019-12
dahuasecurity:sd5a_firmware	dahuasecurity sd5a firmware	lt	2019-12
dahuasecurity:sd1a_firmware	dahuasecurity sd1a firmware	lt	2019-12
dahuasecurity:ptz1a_firmware	dahuasecurity ptz1a firmware	lt	2019-12
dahuasecurity:sd50_firmware	dahuasecurity sd50 firmware	lt	2019-12
dahuasecurity:sd52c_firmware	dahuasecurity sd52c firmware	lt	2019-12
dahuasecurity:ipc-hx5842h_firmware	dahuasecurity ipc-hx5842h firmware	lt	2019-12
dahuasecurity:ipc-hx7842h_firmware	dahuasecurity ipc-hx7842h firmware	lt	2019-12
dahuasecurity:ipc-hx2xxx_firmware	dahuasecurity ipc-hx2xxx firmware	lt	2019-12
dahuasecurity:ipc-hxxx5x4x_firmware	dahuasecurity ipc-hxxx5x4x firmware	lt	2019-12

Rows per page:

1-10 of 191

References

www.dahuasecurity.com/support/cybersecurity/details/727

Social References

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

34.0%

JSON

Related for CVE-2020-9500

prion1