CVE-2020-9502

Name: CVE-2020-9502
Creator: NVD / NIST
Published: 2020-05-13T16:15:13.277+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.72%

Last modified Jun 17, 2026

CVE-2020-9502 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.. EPSS estimates a 1.72% chance of exploitation in the next 30 days.

Description

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.72%

74.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-330

Affected Software

Vendor	Product	Versions
Dahuasecurity	Sd6al Firmware	< 2019-12
Dahuasecurity	Sd5a Firmware	< 2019-12
Dahuasecurity	Sd1a Firmware	< 2019-12
Dahuasecurity	Ptz1a Firmware	< 2019-12
Dahuasecurity	Sd50 Firmware	< 2019-12
Dahuasecurity	Sd52c Firmware	< 2019-12
Dahuasecurity	Ipc-Hx5842h Firmware	< 2019-12
Dahuasecurity	Ipc-Hx7842h Firmware	< 2019-12
Dahuasecurity	Ipc-Hx2xxx Firmware	< 2019-12
Dahuasecurity	Ipc-Hxxx5x4x Firmware	< 2019-12
Dahuasecurity	N42b1p Firmware	< 2019-12
Dahuasecurity	N42b2p Firmware	< 2019-12
Dahuasecurity	N42b3p Firmware	< 2019-12
Dahuasecurity	N52a4p Firmware	< 2019-12
Dahuasecurity	N54a4p Firmware	< 2019-12
Dahuasecurity	N52b2p Firmware	< 2019-12
Dahuasecurity	N52b5p Firmware	< 2019-12
Dahuasecurity	N52b3p Firmware	< 2019-12
Dahuasecurity	N54b2p Firmware	< 2019-12
Dahuasecurity	Ipc-Hdbw1320e-W Firmware	< 2019-12

References

https://www.dahuasecurity.com/support/cybersecurity/details/777Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/777Vendor Advisory

Timeline

Published: May 13, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-9502?

How severe is CVE-2020-9502?

CVE-2020-9502 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.72% probability of exploitation in the next 30 days.

How do I fix CVE-2020-9502?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-9502?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST