Out-of-bounds Read in Huawei Ar1200
CVE-2020-9071
There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending…
Vulnerability class: Buffer Overflow
EPSS: 0.006 (45.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Huawei Ar1200
- Huawei Ar1200_firmware — versions v200r007c00spc900, v200r007c00spc900pwe, v200r007c00spca00
- Huawei Ar1200-s
- Huawei Ar1200-s_firmware — versions v200r007c00spc900, v200r007c00spcb00, v200r007c00spcc00
- Huawei Ar120-s
- Huawei Ar120-s_firmware — versions v200r007c00spc900, v200r007c00spca00, v200r007c00spcb00
- Huawei Ar150
- Huawei Ar150_firmware — versions v200r007c00spc900, v200r007c00spc900pwe, v200r007c00spcb00
- Huawei Ar150-s
- Huawei Ar150-s_firmware — versions v200r007c00spc900, v200r007c00spcb00, v200r007c00spcc00
Weakness classification (CWE)
References
- psirt@huawei.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-9071?
- CVE-2020-9071 is a medium-severity vulnerability in Huawei Ar1200, classified under Out-of-bounds Read. CVSS score: 6.5/10. Published 2020-06-01.
- How severe is CVE-2020-9071?
- Medium severity. CVSS v3 base score is 6.5 out of 10.