CVE-2020-9502

Summary

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

Affected Software

VendorProductVersion RangeStatus
n/aIPC-HX2XXX Series,IPC-HXXX5X4X Series,IPC-HX5842H,IPC-HX7842H,NVR 5x Series,NVR 4x Series,SD6AL Series,SD5A Series,SD1A Series,PTZ1A Series,SD50/52C Series,IPC-HFW1431SVersions which Build time before December,2019affected

Weaknesses

  • Session hijacking

ADP Enrichment

CVE Program Container

Additional References

References