ID

VAR-202008-0985


CVE

CVE-2020-9528


TITLE

Vulnerability in the use of cryptographic algorithms in Shenzhen Hichip Vision Technology firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-009483

DESCRIPTION

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. There is a vulnerability in Shenzhen Hichip Vision Technology firmware regarding the use of cryptographic algorithms. Information may be obtained. A remote attacker can use this vulnerability to access user session data.

Trust: 2.25

sources: NVD: CVE-2020-9528 // JVNDB: JVNDB-2020-009483 // CNNVD: CNNVD-202008-357 // VULHUB: VHN-187653

AFFECTED PRODUCTS

vendor: hichip, model: shenzhen hichip vision technology, scope: lt, version: 2020-06-29

Trust: 1.0

vendor: hichip vision, model: shenzhen hichip vision technology, scope: eq, version: v6 through v20

Trust: 0.8

sources: JVNDB: JVNDB-2020-009483 // NVD: CVE-2020-9528

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9528
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009483
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-357
value: HIGH

Trust: 0.6

VULHUB: VHN-187653
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9528
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009483
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187653
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9528
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009483
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187653 // JVNDB: JVNDB-2020-009483 // CNNVD: CNNVD-202008-357 // NVD: CVE-2020-9528

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.9

sources: VULHUB: VHN-187653 // JVNDB: JVNDB-2020-009483 // NVD: CVE-2020-9528

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-357

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202008-357

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009483

PATCH

title: Top Page, url: http://www.hichip.net/

Trust: 0.8

sources: JVNDB: JVNDB-2020-009483

EXTERNAL IDS

db: NVD, id: CVE-2020-9528

Trust: 2.5

db: JVNDB, id: JVNDB-2020-009483

Trust: 0.8

db: CNNVD, id: CNNVD-202008-357

Trust: 0.6

db: VULHUB, id: VHN-187653

Trust: 0.1

sources: VULHUB: VHN-187653 // JVNDB: JVNDB-2020-009483 // CNNVD: CNNVD-202008-357 // NVD: CVE-2020-9528

REFERENCES

url:https://hacked.camera/

Trust: 2.5

url:https://redprocyon.com

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9528

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9528

Trust: 0.8

sources: VULHUB: VHN-187653 // JVNDB: JVNDB-2020-009483 // CNNVD: CNNVD-202008-357 // NVD: CVE-2020-9528

SOURCES

db: VULHUB, id: VHN-187653
db: JVNDB, id: JVNDB-2020-009483
db: CNNVD, id: CNNVD-202008-357
db: NVD, id: CVE-2020-9528

LAST UPDATE DATE

2024-11-23T23:11:18.297000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187653, date: 2020-08-18T00:00:00
db: JVNDB, id: JVNDB-2020-009483, date: 2020-11-09T07:53:29
db: CNNVD, id: CNNVD-202008-357, date: 2020-08-26T00:00:00
db: NVD, id: CVE-2020-9528, date: 2024-11-21T05:40:48.663

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187653, date: 2020-08-10T00:00:00
db: JVNDB, id: JVNDB-2020-009483, date: 2020-11-09T07:53:29
db: CNNVD, id: CNNVD-202008-357, date: 2020-08-10T00:00:00
db: NVD, id: CVE-2020-9528, date: 2020-08-10T16:15:12.363