What is CVE-2020-9209?

CVE-2020-9209 is a medium-severity vulnerability in Huawei Smc2.0, classified under Missing Authorization. CVSS score: 6.7/10. Published 2021-01-13.

How severe is CVE-2020-9209?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Auth bypass in Huawei Smc2.0

CVE-2020-9209

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file…

Vulnerability class: Broken Access Control

EPSS: 0.002 (11.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Huawei Smc2.0
Huawei Smc2.0_firmware — versions v600r006c00spc700, v600r006c00spc800, v600r006c10spc500
N/a Smc2.0 — versions V600R006C00SPC700,V600R006C00SPC800,V600R006C10SPC500,V600R006C10SPC600,V600R006C10SPC601,V600R006C10SPC602,V600R006C10SPC700,V600R006C10SPC800,V600R006C10SPCa00,V600R006C10SPCb00,V600R006C10SPCc00,V600R006C10SPCd00,V600R006C10SPCe00,V600R019C00,V600R019C10

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

psirt@huawei.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-9209?: CVE-2020-9209 is a medium-severity vulnerability in Huawei Smc2.0, classified under Missing Authorization. CVSS score: 6.7/10. Published 2021-01-13.
How severe is CVE-2020-9209?: Medium severity. CVSS v3 base score is 6.7 out of 10.