ID

VAR-202008-0986


CVE

CVE-2020-9529


TITLE

Privilege management vulnerability in Shenzhen Hichip Vision Technology firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-009484

DESCRIPTION

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation vulnerability that allows attackers on the local network to reset the device's administrator password. This affects products marketed under the following brand names: Accfly, Alptop, Anlink, Besdersec, BOAVISION, COOAU, CPVAN, Ctronics, D3D Security, Dericam, Elex System, Elite Security, ENSTER, ePGes, Escam, FLOUREON, GENBOLT, Hongjingtian (HJT), ICAMI, Iegeek, Jecurity, Jennov, KKMoon, LEFTEK, Loosafe, Luowice, Nesuniq, Nettoly, ProElite, QZT, Royallite, SDETER, SV3C, SY2L, Tenvis, ThinkValue, TOMLOV, TPTEK, WGCC, and ZILINK. The Shenzhen Hichip Vision Technology firmware contains a permission management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Shenzhen Hichip Vision Technology firmware is used in IoT devices from Shenzhen Hichip Vision, China. An attacker can use this vulnerability to reset the administrator password of the device.

Trust: 2.25

sources: NVD: CVE-2020-9529 // JVNDB: JVNDB-2020-009484 // CNNVD: CNNVD-202008-358 // VULHUB: VHN-187654

AFFECTED PRODUCTS

vendor: hichip, model: shenzhen hichip vision technology, scope: lt, version: 2020-06-29

Trust: 1.0

vendor: hichip vision, model: shenzhen hichip vision technology, scope: eq, version: v6 through v20

Trust: 0.8

sources: JVNDB: JVNDB-2020-009484 // NVD: CVE-2020-9529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9529
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-009484
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202008-358
value: CRITICAL

Trust: 0.6

VULHUB: VHN-187654
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-9529
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009484
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187654
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9529
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009484
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187654 // JVNDB: JVNDB-2020-009484 // CNNVD: CNNVD-202008-358 // NVD: CVE-2020-9529

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-269

Trust: 0.9

sources: VULHUB: VHN-187654 // JVNDB: JVNDB-2020-009484 // NVD: CVE-2020-9529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-358

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-358

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009484

PATCH

title: Top Page, url: http://www.hichip.net/

Trust: 0.8

sources: JVNDB: JVNDB-2020-009484

EXTERNAL IDS

db: NVD, id: CVE-2020-9529

Trust: 2.5

db: JVNDB, id: JVNDB-2020-009484

Trust: 0.8

db: CNNVD, id: CNNVD-202008-358

Trust: 0.6

db: VULHUB, id: VHN-187654

Trust: 0.1

sources: VULHUB: VHN-187654 // JVNDB: JVNDB-2020-009484 // CNNVD: CNNVD-202008-358 // NVD: CVE-2020-9529

REFERENCES

url:https://hacked.camera/

Trust: 2.5

url:https://redprocyon.com

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-9529

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9529

Trust: 0.8

sources: VULHUB: VHN-187654 // JVNDB: JVNDB-2020-009484 // CNNVD: CNNVD-202008-358 // NVD: CVE-2020-9529

SOURCES

db: VULHUB, id: VHN-187654
db: JVNDB, id: JVNDB-2020-009484
db: CNNVD, id: CNNVD-202008-358
db: NVD, id: CVE-2020-9529

LAST UPDATE DATE

2024-11-23T21:51:23.447000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187654, date: 2021-07-21T00:00:00
db: JVNDB, id: JVNDB-2020-009484, date: 2020-11-09T07:53:31
db: CNNVD, id: CNNVD-202008-358, date: 2020-08-26T00:00:00
db: NVD, id: CVE-2020-9529, date: 2024-11-21T05:40:48.803

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187654, date: 2020-08-10T00:00:00
db: JVNDB, id: JVNDB-2020-009484, date: 2020-11-09T07:53:31
db: CNNVD, id: CNNVD-202008-358, date: 2020-08-10T00:00:00
db: NVD, id: CVE-2020-9529, date: 2020-08-10T16:15:12.410