CVE-2020-9501

Name of the Vulnerable Software and Affected Versions Dahua Web P2P control versions with Build time before April 2020

Description The issue allows attackers to obtain Cloud Key information from the Dahua Web P2P control, which is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client and connect to the platform, resulting in additional consumption of platform server resources.

Recommendations For versions with Build time before April 2020, consider restricting access to the Dahua Web P2P control until a fix is available. As a temporary workaround, limit the consumption of platform server resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.