CVE-2020-9247
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate a certain configuration parameter passed from the user, which can cause a buffer overflow. The attacker needs to trick the user into installing and running a malicious application with high privilege; a successful exploit may cause code execution. Affected products include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.
Affected (28)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.230(c432e9r5p1) |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.160(c00e160r3p8) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Mate 20 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.270(c432e7r1p5) |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.160(c00e160r2p8) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Mate 20 X | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 9.1.0.272(c635e4r2p2) |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.160(c00e160r2p8) |

| Running on/with | Platform Versions |
|---|---|
| Huawei P30 Pro | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.273(c185e5r2p4) |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.160(c786e160r3p8) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Laya Al00ep | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.160(c00e160r2p11) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Princeton Al10b | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.160(c00e160r2p11) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Tony Al00b | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.225(c432e3r1p2) |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.160(c01e160r8p12) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Yale Tl00b | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.160(c00e160r8p12) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Yalep Al10b | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.231(c10e3r3p2) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Honor 20 Pro | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.270(c635e3r1p5) |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.273(c185e7r2p4) |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.273(c636e7r2p4) |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.277(c10e7r2p4) |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.277(c605e7r1p5) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Mate 20 Pro | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.123(c432e22r2p5) |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.126(c10e7r5p1) |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.126(c185e4r7p1) |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.126(c605e19r1p3) |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.126(c636e5r3p4) |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.126(c636e7r3p4) |

| Running on/with | Platform Versions |
|---|---|
| Huawei P30 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.273(c636e5r2p4) |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.275(c10e4r2p4) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Hima L29c | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 10.1.0.226(c10e3r1p1) |

| Running on/with | Platform Versions |
|---|---|
| Huawei Yale L61a | All versions |
References (2)
Source: psirt@huawei.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory