CVE-2020-9501

Published: May 13, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected.

Affected (1)

Products: Dahuasecurity: Web P2p

Dahuasecurity

1 product

Web P2p

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dahuasecurity Web P2p	Before 2020-04

References (2)

https://www.dahuasecurity.com/support/cybersecurity/details/757

Source: cybersecurity@dahuatech.com

Vendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/757

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.