CVE-2020-9502
CRITICAL
Dahua Firmware < 2019-12 - Session ID Predictability
Title source: llm
Description
Some Dahua products with a build time before December 2019 have a predictable Session ID vulnerability. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://www.dahuasecurity.com/support/cybersecurity/details/777
Scores
CVSS v3: 9.8
EPSS: 0.0172
EPSS Percentile: 74.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-330
Status: published
Products (20)
dahuasecurity/ipc-hdbw1320e-w_firmware: < 2019-12
dahuasecurity/ipc-hx2xxx_firmware: < 2019-12
dahuasecurity/ipc-hx5842h_firmware: < 2019-12
dahuasecurity/ipc-hx7842h_firmware: < 2019-12
dahuasecurity/ipc-hxxx5x4x_firmware: < 2019-12
dahuasecurity/n42b1p_firmware: < 2019-12
dahuasecurity/n42b2p_firmware: < 2019-12
dahuasecurity/n42b3p_firmware: < 2019-12
dahuasecurity/n52a4p_firmware: < 2019-12
dahuasecurity/n52b2p_firmware: < 2019-12
... and 10 more
Published: May 13, 2020
Tracked Since: Feb 18, 2026