CVE-2020-9085

Published: Dec 27, 2024Modified: Jan 13, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.

Affected (3)

Products: Huawei: B612 Firmware

Huawei

1 product

B612 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei B612 Firmware	Version b612s-25dtcpu-v100r001b192d03sp00c234
Huawei B612 Firmware	Version b612s-25dtcpu-v100r001b192d03sp00c287
Huawei B612 Firmware	Version b612s-25dtcpu-v100r001b192d05sp00c00

Running on/with	Platform Versions
Huawei B612	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (1)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en

Source: psirt@huawei.com

Vendor Advisory

Timeline

No history available yet.