huawei | Huawei Technologies | HUAWEI-SA-20220826-01-OUTOFBOUNDREAD
Sep 01, 2022 - 12:00 a.m.

Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Headset Products

2022-09-01 00:00:00
Huawei Technologies (www.huawei.com)

Tags: security advisory, huawei, headset products, vulnerability, out-of-bounds read, write, unauthenticated attacker, device physical access, crafted malformed message, cve-2020-36602, software updates

CVSS3: 6.1

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.001
Percentile: 26.4%

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker who gains physical access to the device can craft a malformed message with a specific parameter and send it to the affected products. Because the message is insufficiently validated, this may be exploited to cause an out-of-bounds read and write. (Vulnerability ID: HWPSIRT-2020-87976)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-36602.

For products that have released software updates to fix this vulnerability, Huawei will release and update the Security Advisory at:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en>

Affected configurations

Vulners node (matches any of the following firmware versions):

huawei 576up005_hota-cm-h-shark-bd_firmware: 1.0.0.576-fullpackage
huawei 577hota-cm-h-shark-bd_firmware: 1.0.0.577-fullpackage
huawei 581up-hota-cm-h-shark-bd_firmware: 1.0.0.581-fullpackage
huawei 586-hota-cm-h-shark-bd_firmware: 1.0.0.586-fullpackage
huawei 588-hota-cm-h-shark-bd_firmware: 1.0.0.588-fullpackage
huawei 606-hota-cm-h-shark-bd_firmware: 1.0.0.606-fullpackage
huawei bi-acc-report_firmware: 1.0.0.1, 1.0.0.2, 1.0.0.3, 1.0.0.4, 1.0.0.5
huawei cm-h-shark-bd_firmware: 1.0.0.106, 1.0.0.116, 1.0.0.202, 1.0.0.208, 1.0.0.216, 1.0.0.226, 1.0.0.228, 1.0.0.510, 1.0.0.520, 1.0.0.522, 1.0.0.566, 1.0.0.576, 1.0.0.578, 1.0.0.586, 1.0.0.588, 1.0.0.66, 1.9.0.208, 1.9.0.216, 1.9.0.226, 1.9.0.228, 1.9.0.510, 1.9.0.520, 1.9.0.522, 1.9.0.566, 1.9.0.578, 1.9.0.586, 1.9.0.588

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| huawei | 576up005_hota-cm-h-shark-bd_firmware | 1.0.0.576-fullpackage | `cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576-fullpackage:*:*:*:*:*:*:*` |
| huawei | 577hota-cm-h-shark-bd_firmware | 1.0.0.577-fullpackage | `cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577-fullpackage:*:*:*:*:*:*:*` |
| huawei | 581up-hota-cm-h-shark-bd_firmware | 1.0.0.581-fullpackage | `cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581-fullpackage:*:*:*:*:*:*:*` |
| huawei | 586-hota-cm-h-shark-bd_firmware | 1.0.0.586-fullpackage | `cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586-fullpackage:*:*:*:*:*:*:*` |
| huawei | 588-hota-cm-h-shark-bd_firmware | 1.0.0.588-fullpackage | `cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588-fullpackage:*:*:*:*:*:*:*` |
| huawei | 606-hota-cm-h-shark-bd_firmware | 1.0.0.606-fullpackage | `cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606-fullpackage:*:*:*:*:*:*:*` |
| huawei | bi-acc-report_firmware | 1.0.0.1 | `cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:*:*:*:*:*:*:*` |
| huawei | bi-acc-report_firmware | 1.0.0.2 | `cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:*:*:*:*:*:*:*` |
| huawei | bi-acc-report_firmware | 1.0.0.3 | `cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:*:*:*:*:*:*:*` |
| huawei | bi-acc-report_firmware | 1.0.0.4 | `cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:*:*:*:*:*:*:*` |

Rows 1-10 of 381 shown.
