CVE-2020-9502

CRITICAL

Dahua <Dec 2019 - Predictable Session ID

Title source: llm

Description

Some Dahua products with a build time before December 2019 have a predictable Session ID vulnerability. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

Scores

CVSS v3 9.8
EPSS 0.0060
EPSS Percentile 69.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-330
Status published
Products (20)
dahuasecurity/ipc-hdbw1320e-w_firmware < 2019-12
dahuasecurity/ipc-hx2xxx_firmware < 2019-12
dahuasecurity/ipc-hx5842h_firmware < 2019-12
dahuasecurity/ipc-hx7842h_firmware < 2019-12
dahuasecurity/ipc-hxxx5x4x_firmware < 2019-12
dahuasecurity/n42b1p_firmware < 2019-12
dahuasecurity/n42b2p_firmware < 2019-12
dahuasecurity/n42b3p_firmware < 2019-12
dahuasecurity/n52a4p_firmware < 2019-12
dahuasecurity/n52b2p_firmware < 2019-12
... and 10 more
Published May 13, 2020
Tracked Since Feb 18, 2026