CVE-2020-9071

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00spca00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar120-s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spca00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar1200-s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:huawei:ar150_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar150:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar150-s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:huawei:ar160_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar160_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar160:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:huawei:ar200_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar200:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
OR cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar200-s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spca00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
OR cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar2200-s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spca00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spc900pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spcb00pwe:*:*:*:*:*:*:*
cpe:2.3:o:huawei:ar3600_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar3600:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:huawei:ar510_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:h:huawei:ar510:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
OR cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:netengine16ex:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
OR cpe:2.3:o:huawei:srg1300_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg1300_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg1300:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
OR cpe:2.3:o:huawei:srg2300_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg2300_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg2300:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
OR cpe:2.3:o:huawei:srg3300_firmware:v200r007c00spc900:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r007c00spcb00:*:*:*:*:*:*:*
cpe:2.3:o:huawei:srg3300_firmware:v200r007c00spcc00:*:*:*:*:*:*:*
cpe:2.3:h:huawei:srg3300:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:39

Type Values Removed Values Added
References () https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-01-oob-en - Vendor Advisory () https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-01-oob-en - Vendor Advisory

Information

Published : 2020-06-01 15:15

Updated : 2024-11-21 05:39


NVD link : CVE-2020-9071

Mitre link : CVE-2020-9071

CVE.ORG link : CVE-2020-9071


JSON object : View

Products Affected

huawei

  • ar3200_firmware
  • ar2200-s
  • ar200_firmware
  • ar510
  • ar3200
  • netengine16ex
  • ar510_firmware
  • netengine16ex_firmware
  • ar2200-s_firmware
  • srg1300_firmware
  • srg1300
  • ar200-s_firmware
  • ar120-s_firmware
  • ar160_firmware
  • srg2300_firmware
  • ar1200-s_firmware
  • srg3300
  • ar2200_firmware
  • ar200-s
  • ar160
  • ar1200_firmware
  • ar150-s
  • ar1200-s
  • ar120-s
  • srg3300_firmware
  • ar3600
  • ar150-s_firmware
  • ar200
  • ar3600_firmware
  • ar2200
  • ar1200
  • ar150_firmware
  • ar150
  • srg2300
CWE
CWE-125

Out-of-bounds Read