Vulnerabilites related to Huawei - HUAWEI 4G Router B612
CVE-2020-9086 (GCVE-0-2020-9086)
Vulnerability from cvelistv5
Published
2024-12-27 09:40
Modified
2024-12-27 15:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-124 - Buffer Underwrite ('Buffer Underflow')
Summary
There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei | HUAWEI 4G Router B612 |
Version: B612s-25dTCPU-V100R001B192D03SP00C234 Version: B612s-25dTCPU-V100R001B192D03SP00C287 Version: B612s-25dTCPU-V100R001B192D05SP00C00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-27T15:06:44.647462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T15:06:52.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HUAWEI 4G Router B612",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "B612s-25dTCPU-V100R001B192D03SP00C234"
},
{
"status": "affected",
"version": "B612s-25dTCPU-V100R001B192D03SP00C287"
},
{
"status": "affected",
"version": "B612s-25dTCPU-V100R001B192D05SP00C00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.\u003c/p\u003e"
}
],
"value": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "CWE-124 Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T09:40:03.261Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9086",
"datePublished": "2024-12-27T09:40:03.261Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-12-27T15:06:52.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9085 (GCVE-0-2020-9085)
Vulnerability from cvelistv5
Published
2024-12-27 09:37
Modified
2024-12-27 16:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei | HUAWEI 4G Router B612 |
Version: B612s-25dTCPU-V100R001B192D03SP00C234 Version: B612s-25dTCPU-V100R001B192D03SP00C287 Version: B612s-25dTCPU-V100R001B192D05SP00C00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-9085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-27T16:06:08.948495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T16:06:19.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HUAWEI 4G Router B612",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "B612s-25dTCPU-V100R001B192D03SP00C234"
},
{
"status": "affected",
"version": "B612s-25dTCPU-V100R001B192D03SP00C287"
},
{
"status": "affected",
"version": "B612s-25dTCPU-V100R001B192D05SP00C00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.\u003c/p\u003e"
}
],
"value": "There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T09:37:46.838Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9085",
"datePublished": "2024-12-27T09:37:46.838Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-12-27T16:06:19.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}