CVE-2020-9086

Published: Dec 27, 2024Modified: Jan 13, 2025

4.3

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.

Affected (3)

Products: Huawei: B612 Firmware

Huawei

1 product

B612 Firmware

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei B612 Firmware	Version b612s-25dtcpu-v100r001b192d03sp00c234
Huawei B612 Firmware	Version b612s-25dtcpu-v100r001b192d03sp00c287
Huawei B612 Firmware	Version b612s-25dtcpu-v100r001b192d05sp00c00

Running on/with	Platform Versions
Huawei B612	All versions

Related CWEs

CWE-124

Buffer Underwrite ('Buffer Underflow')

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en

Source: psirt@huawei.com

Vendor Advisory

Timeline

No history available yet.