SA ID: DHCC-SA-202005-003
First Published: 2020-5-11
Summary:
1. CVE-2020-9502: Predictable Session ID vulnerability
Some Dahua products have a predictable Session ID vulnerability. While a legitimate user is accessing the device, an attacker can use a predicted Session ID to construct data packets that attack the device.
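As an added illustration of the vulnerability class named above (this is constructed example code, not Dahua's code, and it does not describe the scheme used by the affected firmware), the following Python contrasts a counter-based session ID generator with a CSPRNG-backed one that also bounds session lifetime, and includes a small audit check a defender can run over a sample of issued identifiers to spot the counter pattern. The class names, the `audit_session_ids` helper and its finding labels are all assumptions made for this example.

```python
import secrets
import time
from typing import Callable, Dict, List, Optional, Tuple


class WeakSessionStore:
    """Constructed example of the anti-pattern: session IDs derived from a
    monotonically increasing counter, so anyone holding one ID can compute
    the IDs of other live sessions."""

    def __init__(self, start: int = 1000) -> None:
        self._next = start
        self._sessions: Dict[str, str] = {}

    def create(self, user: str) -> str:
        sid = f"{self._next:08x}"  # 32 bits, and each ID reveals the next
        self._next += 1
        self._sessions[sid] = user
        return sid

    def validate(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid)


class SecureSessionStore:
    """Hardened form: 128-bit IDs from the OS CSPRNG (secrets.token_hex) and a
    bounded lifetime, so IDs can neither be guessed nor reused indefinitely.
    The clock is injectable only so the behaviour can be exercised offline."""

    def __init__(self, ttl_seconds: int = 1800,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._ttl = ttl_seconds
        self._clock = clock
        self._sessions: Dict[str, Tuple[str, float]] = {}

    def create(self, user: str) -> str:
        sid = secrets.token_hex(16)  # 16 random bytes -> 32 hex chars, 128 bits
        self._sessions[sid] = (user, self._clock() + self._ttl)
        return sid

    def validate(self, sid: str) -> Optional[str]:
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expires_at = entry
        if self._clock() > expires_at:
            del self._sessions[sid]  # expired: drop it and reject
            return None
        return user

    def revoke(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def looks_sequential(ids: List[str]) -> bool:
    """Audit check: True when successive hex IDs differ by one constant step,
    the signature of a counter-based generator."""
    if len(ids) < 3:
        return False
    try:
        values = [int(s, 16) for s in ids]
    except ValueError:
        return False
    steps = {b - a for a, b in zip(values, values[1:])}
    return len(steps) == 1


def audit_session_ids(ids: List[str]) -> List[str]:
    """Summarise the weaknesses visible in a sample of issued session IDs
    (hypothetical helper). Returns an empty list when neither check fires."""
    findings = []
    if any(len(s) * 4 < 128 for s in ids):
        findings.append("short-id")      # fewer than 128 bits of identifier
    if looks_sequential(ids):
        findings.append("sequential")    # predictable from one observed ID
    return findings


if __name__ == "__main__":
    weak = WeakSessionStore()
    weak_ids = [weak.create(f"user{i}") for i in range(5)]
    print("weak:", weak_ids, audit_session_ids(weak_ids))

    secure = SecureSessionStore()
    secure_ids = [secure.create(f"user{i}") for i in range(5)]
    print("secure:", audit_session_ids(secure_ids))
```

The audit check is deliberately simple: it catches the counter pattern and under-sized identifiers, which is enough to flag the class of weakness this advisory describes, but a clean result from it is not proof of a good generator; that still requires the ID source to be a CSPRNG, as in the hardened store.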
Vulnerability Score (CVSS v3.1, http://www.first.org/cvss/specification-document):
CVE-2020-9502
Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Temporal Score: 7.9 (E:P/RL:O/RC:C)
Affected Products & Fix Software:
The following product series and models are currently known to be affected:
Affected Model | Affected Version | Fix Software
IPC-HX2XXX Series | Versions with build time before December 2019 | DH_IPC-HX25(8)XX-Molec_MultiLang_PN_V2.800.0000000.15.R.200313; General_IPC-HX25(8)XX-Molec_MultiLang_PN_V2.800.0000000.15.R.200313; DH_IPC-HX25(8)XX-Molec_MultiLang_NP_V2.800.0000000.15.R.200313; General_IPC-HX25(8)XX-Molec_MultiLang_NP_V2.800.0000000.15.R.200313
IPC-HXXX5X4X Series | Versions with build time before December 2019 | DH_IPC-HX5XXX-Volt_MultiLang_PN_Stream3_V2.800.0000000.12.R.200319; DH_IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.800.0000000.12.R.200319
IPC-HX5842H | Versions with build time before December 2019 | DH_IPC-HX8XXX-Nobel_MultiLang_PN_Stream3_V2.800.0000000.5.R.200324; DH_IPC-HX8XXX-Nobel_MultiLang_NP_Stream3_V2.800.0000000.5.R.200324; General_IPC-HX8XXX-Nobel_MultiLang_PN_Stream3_V2.800.0000000.5.R.200324; General_IPC-HX8XXX-Nobel_MultiLang_NP_Stream3_V2.800.0000000.5.R.200324
IPC-HX7842H | Versions with build time before December 2019 | DH_IPC-HX8XXX-Nobel_MultiLang_NP_V2.800.0000000.5.R.200324; DH_IPC-HX8XXX-Nobel_MultiLang_PN_V2.800.0000000.5.R.200324; General_IPC-HX8XXX-Nobel_MultiLang_NP_V2.800.0000000.5.R.200324; General_IPC-HX8XXX-Nobel_MultiLang_PN_V2.800.0000000.5.R.200324
NVR 5x Series | Versions with build time before December 2019 | DH_NVR5XXX-4KS2_MultiLang_V4.001.0000000.1.R.200319
NVR 4x Series | Versions with build time before December 2019 | General_NVR4XXX-4KS2_MultiLang_V4.001.0000000.1.R.200319
SD6AL Series | Versions with build time before December 2019 | DH_SD-Prometheus_MultiLang_PN_Stream3_V2.800.0000009.3.R.200331; DH_SD-Prometheus_Chn_PN_Stream3_V2.800.0000009.3.R.200331; General_SD-Prometheus_MultiLang_NP_Stream3_V2.800.0000009.3.R.200331; General_SD-Prometheus_Chn_PN_Stream3_V2.800.0000009.3.R.200331; DH_SD-Prometheus_MultiLang_NP_Stream3_V2.800.0000009.3.R.200331; General_SD-Prometheus_MultiLang_PN_Stream3_V2.800.0000009.3.R.200331
SD5A Series | |
SD1A Series | |
PTZ1A Series | |
SD50/52C Series | |
IPC-HFW1431S | Versions with build time before December 2019 | DH_IPC-HX2X3X-Rhea_MultiLang_NP_Stream2_V2.800.0000015.0.R.200430
Note: To view the build time, log in to the device's Web interface and open the Settings - System Information - Version Information page (setting-systeminfo-version).
Fix Software Download:
Please download the corresponding fix software, or a newer version, as listed in the table above from the Dahua website, or contact Dahua local technical support to upgrade.
● Cloud Upgrade: Dahua products support cloud upgrade, and the relevant fix versions can be obtained through it.
● Dahua Official Website: Mainland: https://www.dahuasecurity.com/support/downloadCenter
● Dahua Technical Support Personnel
Support Resources:
For any questions or concerns related to our products and solutions, please contact Dahua PSIRT at psirt@dahuatech.com.
We acknowledge the support of Thomas Vogt from the University of Applied Sciences Offenburg, who discovered this vulnerability and reported it to Dahua PSIRT.