ID

VAR-202008-0984


CVE

CVE-2020-9527


TITLE

Classic buffer overflow vulnerability in Shenzhen Hichip Vision Technology firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-009482

DESCRIPTION

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20, after 2018-08-09 through 2020), as used by many different vendors in millions of Internet of Things devices, suffers from a buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code via the peer-to-peer (P2P) service. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. A classic buffer overflow vulnerability exists in Shenzhen Hichip Vision Technology firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Shenzhen Hichip Vision Technology Firmware is firmware used in IoT devices from Shenzhen Hichip Vision, China. A security vulnerability exists in Shenzhen Hichip Vision Technology Firmware V6 to V20 (2018-08-09 to 2020). Remote attackers can use this vulnerability to execute arbitrary code via the P2P service.

Trust: 2.25

sources: NVD: CVE-2020-9527 // JVNDB: JVNDB-2020-009482 // CNNVD: CNNVD-202008-356 // VULHUB: VHN-187652

IOT TAXONOMY

category: ['other device'], sub_category: general

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: hichip, model: shenzhen hichip vision technology, scope: lt, version: 2020-06-29

Trust: 1.0

vendor: hichip vision, model: shenzhen hichip vision technology, scope: eq, version: 2018-08-09 to 2020

Trust: 0.8

vendor: hichip vision, model: shenzhen hichip vision technology, scope: eq, version: v6 to v20

Trust: 0.8

sources: JVNDB: JVNDB-2020-009482 // NVD: CVE-2020-9527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9527
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-009482
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202008-356
value: CRITICAL

Trust: 0.6

VULHUB: VHN-187652
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-9527
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009482
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187652
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9527
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009482
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187652 // JVNDB: JVNDB-2020-009482 // CNNVD: CNNVD-202008-356 // NVD: CVE-2020-9527

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.9

sources: VULHUB: VHN-187652 // JVNDB: JVNDB-2020-009482 // NVD: CVE-2020-9527

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-356

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-356

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009482

PATCH

title: Top Page, url: http://www.hichip.net/

Trust: 0.8

sources: JVNDB: JVNDB-2020-009482

EXTERNAL IDS

db: NVD, id: CVE-2020-9527

Trust: 2.6

db: JVNDB, id: JVNDB-2020-009482

Trust: 0.8

db: CNNVD, id: CNNVD-202008-356

Trust: 0.7

db: OTHER, id: NONE

Trust: 0.1

db: VULHUB, id: VHN-187652

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-187652 // JVNDB: JVNDB-2020-009482 // CNNVD: CNNVD-202008-356 // NVD: CVE-2020-9527

REFERENCES

url:https://hacked.camera/

Trust: 2.5

url:https://redprocyon.com

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9527

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9527

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // VULHUB: VHN-187652 // JVNDB: JVNDB-2020-009482 // CNNVD: CNNVD-202008-356 // NVD: CVE-2020-9527

SOURCES

db: OTHER, id: -
db: VULHUB, id: VHN-187652
db: JVNDB, id: JVNDB-2020-009482
db: CNNVD, id: CNNVD-202008-356
db: NVD, id: CVE-2020-9527

LAST UPDATE DATE

2025-01-30T21:38:38.684000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187652, date: 2020-08-18T00:00:00
db: JVNDB, id: JVNDB-2020-009482, date: 2020-11-09T07:53:27
db: CNNVD, id: CNNVD-202008-356, date: 2020-08-26T00:00:00
db: NVD, id: CVE-2020-9527, date: 2024-11-21T05:40:48.523

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187652, date: 2020-08-10T00:00:00
db: JVNDB, id: JVNDB-2020-009482, date: 2020-11-09T07:53:27
db: CNNVD, id: CNNVD-202008-356, date: 2020-08-10T00:00:00
db: NVD, id: CVE-2020-9527, date: 2020-08-10T16:15:12.300