CVE-2020-36602

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*

cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*

cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*

cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*

cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*

cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606:*:*:*:*:*:*:*

cpe:2.3:h:huawei:606-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:::::::*
	cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:::::::*
	cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:::::::*
	cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:::::::*
	cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.5:::::::*

cpe:2.3:h:huawei:bi-acc-report:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\(vn2-sp11\):::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\(vn2-sp15\):::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\(vn2-sp17\):::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\(vn2-sp21\):::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\(vn2-sp27\):::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\(vn2-sp29\):::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\(vn2-sp31\):::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\(vn2-sp33\):::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.106:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.116:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.202:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.208:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.216:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.226:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.228:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.510:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.520:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.522:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.566:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.576:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.578:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.586:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.588:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.208:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.216:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.226:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.228:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.510:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.520:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.522:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.566:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.578:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.586:::::::*
	cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.588:::::::*

cpe:2.3:h:huawei:cm-h-shark-bd:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-20 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2020-36602

Mitre link : CVE-2020-36602

CVE.ORG link : CVE-2020-36602

JSON object : View

Products Affected

huawei

586-hota-cm-h-shark-bd_firmware
cm-h-shark-bd_firmware
606-hota-cm-h-shark-bd_firmware
bi-acc-report_firmware
576up005_hota-cm-h-shark-bd_firmware
588-hota-cm-h-shark-bd_firmware
588-hota-cm-h-shark-bd
bi-acc-report
606-hota-cm-h-shark-bd
581up-hota-cm-h-shark-bd_firmware
577hota-cm-h-shark-bd
576up005_hota-cm-h-shark-bd
cm-h-shark-bd
586-hota-cm-h-shark-bd
577hota-cm-h-shark-bd_firmware
581up-hota-cm-h-shark-bd

CWE

CWE-125

Out-of-bounds Read

CWE-787

Out-of-bounds Write

6.1 /10