CVE-2020-9529

9.8 CRITICAL

📋 TL;DR

This CVE describes a privilege escalation vulnerability in firmware developed by Shenzhen Hichip Vision Technology (versions V6 through V20) used by numerous IoT device vendors. Attackers on the local network can reset the device's administrator password, gaining full control over affected cameras and security devices. Millions of devices across dozens of brands are vulnerable.

💻 Affected Systems

Products:
  • Accfly
  • Alptop
  • Anlink
  • Besdersec
  • BOAVISION
  • COOAU
  • CPVAN
  • Ctronics
  • D3D Security
  • Dericam
  • Elex System
  • Elite Security
  • ENSTER
  • ePGes
  • Escam
  • FLOUREON
  • GENBOLT
  • Hongjingtian (HJT)
  • ICAMI
  • Iegeek
  • Jecurity
  • Jennov
  • KKMoon
  • LEFTEK
  • Loosafe
  • Luowice
  • Nesuniq
  • Nettoly
  • ProElite
  • QZT
  • Royallite
  • SDETER
  • SV3C
  • SY2L
  • Tenvis
  • ThinkValue
  • TOMLOV
  • TPTEK
  • WGCC
  • ZILINK
Versions: V6 through V20
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects millions of IoT cameras and security devices using Shenzhen Hichip Vision Technology firmware. Many devices may be rebranded versions of the same hardware.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of IoT security devices allowing attackers to disable surveillance, access video feeds, pivot to internal networks, or use devices as botnet nodes.

🟠 Likely Case

Unauthorized access to camera feeds and device control, potential privacy violations, and device hijacking for malicious purposes.

🟢 If Mitigated

Limited impact if devices are properly segmented and network access controls prevent local network attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only local network access. Attack tools and scripts are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory available

Restart Required: No

Instructions:

No official patch available. Check with individual device vendors for firmware updates, though many may not provide patches.

🔧 Temporary Workarounds

Network Segmentation

Isolate affected IoT devices on separate VLANs with strict firewall rules preventing access from untrusted networks.

Disable Unnecessary Services

Disable UPnP, Telnet, and other unnecessary network services on affected devices if possible.

🧯 If You Can't Patch

  • Physically disconnect vulnerable devices from networks or replace with secure alternatives
  • Implement strict network access controls allowing only necessary traffic to/from devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or telnet. If firmware is V6-V20 and uses Hichip technology, assume vulnerable.

Check Version:

Check via device web interface or telnet to device on port 23 (if enabled)

Verify Fix Applied:

No official fix available to verify. If vendor provides update, verify firmware version is above V20.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected password reset events
  • Failed login attempts followed by successful access
  • Unusual administrative activity

Network Indicators:

  • Telnet connections to device ports
  • HTTP POST requests to password reset endpoints
  • Unusual outbound traffic from IoT devices

SIEM Query:

source="iot_device" AND (event="password_reset" OR event="admin_login")
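
The log indicators above can be correlated rather than just matched one event at a time. The following is an added example, not part of the original advisory or any vendor tooling: it flags a password reset that has no recent admin login from the same client, and a run of failed logins followed by a success. The event names password_reset and admin_login come from the query above; the login_failed event, the ts/device/client fields, the 10-minute window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, device, client address, event).
# Only "password_reset" and "admin_login" appear on the page; the rest is assumed.
RAW = [
    ("2024-01-10T02:14:03", "cam-01", "192.0.2.40", "password_reset"),
    ("2024-01-10T02:14:20", "cam-01", "192.0.2.40", "admin_login"),
    ("2024-01-10T09:00:00", "cam-02", "192.0.2.7", "admin_login"),
    ("2024-01-10T09:02:00", "cam-02", "192.0.2.7", "password_reset"),
    ("2024-01-10T11:00:01", "cam-03", "192.0.2.99", "login_failed"),
    ("2024-01-10T11:00:05", "cam-03", "192.0.2.99", "login_failed"),
    ("2024-01-10T11:00:09", "cam-03", "192.0.2.99", "login_failed"),
    ("2024-01-10T11:00:30", "cam-03", "192.0.2.99", "admin_login"),
]
EVENTS = [dict(ts=t, device=d, client=c, event=e, source="iot_device")
          for t, d, c, e in RAW]

WINDOW = timedelta(minutes=10)   # assumed correlation window
MIN_FAILURES = 3                 # assumed threshold for "failed then success"


def find_suspicious(events, window=WINDOW):
    """Return (device, client, rule, timestamp) for each correlated indicator."""
    alerts = []
    last_login = {}  # (device, client) -> time of last successful admin login
    failures = {}    # (device, client) -> times of failed logins since last success
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e.get("source") != "iot_device":
            continue
        t = datetime.fromisoformat(e["ts"])
        key = (e["device"], e["client"])
        if e["event"] == "login_failed":
            failures.setdefault(key, []).append(t)
        elif e["event"] == "admin_login":
            recent = [f for f in failures.pop(key, []) if t - f <= window]
            if len(recent) >= MIN_FAILURES:
                alerts.append((*key, "failed_then_success", e["ts"]))
            last_login[key] = t
        elif e["event"] == "password_reset":
            seen = last_login.get(key)
            # A reset with no authenticated session behind it is the
            # behaviour this CVE describes.
            if seen is None or t - seen > window:
                alerts.append((*key, "reset_without_login", e["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(EVENTS):
        print(alert)
```

The cam-02 reset is not flagged because the same client logged in as admin two minutes earlier; tune the window and threshold to the environment.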
