Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| dahuasecurity | sd6al_firmware | 2019-12 | - |
| dahuasecurity | sd5a_firmware | 2019-12 | - |
| dahuasecurity | sd1a_firmware |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
20
Affected Products
2
References
dahuasecurity / sd6al_firmware
| 2019-12 |
| - |
| dahuasecurity | ptz1a_firmware | 2019-12 | - |
| dahuasecurity | sd50_firmware | 2019-12 | - |
| dahuasecurity | sd52c_firmware | 2019-12 | - |
| dahuasecurity | ipc-hx5842h_firmware | 2019-12 | - |
| dahuasecurity | ipc-hx7842h_firmware | 2019-12 | - |
| dahuasecurity | ipc-hx2xxx_firmware | 2019-12 | - |
| dahuasecurity | ipc-hxxx5x4x_firmware | 2019-12 | - |
| dahuasecurity | n42b1p_firmware | 2019-12 | - |
| dahuasecurity | n42b2p_firmware | 2019-12 | - |
| dahuasecurity | n42b3p_firmware | 2019-12 | - |
| dahuasecurity | n52a4p_firmware | 2019-12 | - |
| dahuasecurity | n54a4p_firmware | 2019-12 | - |
| dahuasecurity | n52b2p_firmware | 2019-12 | - |
| dahuasecurity | n52b5p_firmware | 2019-12 | - |
| dahuasecurity | n52b3p_firmware | 2019-12 | - |
| dahuasecurity | n54b2p_firmware | 2019-12 | - |
| dahuasecurity | ipc-hdbw1320e-w_firmware | 2019-12 | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact