CVE-2020-9529 Information

Description

Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20) as used by many different vendors in millions of Internet of Things devices suffers from a privilege escalation vulnerability that allows attackers on the local network to reset the device’s administrator password. This affects products marketed under the following brand names: Accfly Alptop Anlink Besdersec BOAVISION COOAU CPVAN Ctronics D3D Security Dericam Elex System Elite Security ENSTER ePGes Escam FLOUREON GENBOLT Hongjingtian (HJT) ICAMI Iegeek Jecurity Jennov KKMoon LEFTEK Loosafe Luowice Nesuniq Nettoly ProElite QZT Royallite SDETER SV3C SY2L Tenvis ThinkValue TOMLOV TPTEK WGCC and ZILINK.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://hacked.camera/ https://redprocyon.com

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8