Search criteria
3 vulnerabilities found for 581up-hota-cm-h-shark-bd_firmware by huawei
FKIE_CVE-2020-36602
Vulnerability from fkie_nvd - Published: 2022-09-20 20:15 - Updated: 2025-05-28 16:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD62EE0-E64C-4FF5-8567-2EF3A10F4C7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46D9D107-8AFF-44A8-B9BE-3122F3D9697B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*",
"matchCriteriaId": "27676C44-A16B-47A6-9C11-99DC1E795AC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "592046BB-F1E6-4296-817F-0D17A684D58E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDB97DC-3A4B-454D-9DEA-AD7A5162F936",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7144AAE-03BA-4ADB-81D0-150A7449EC79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*",
"matchCriteriaId": "95422749-5574-4106-9BA8-EC87BDEE18D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ADDE004F-EBF6-4DBF-9459-5D58550CBF34",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E07AE8-0C69-437B-8CC8-17061600A1B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "191C353D-9251-4E17-A8C1-EEFB3D98943B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606:*:*:*:*:*:*:*",
"matchCriteriaId": "DF6250D5-E660-4A07-8CA7-A59F54F2A488",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:606-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E00B0F4-8959-4909-858B-8EEA64330135",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F008D3C-1BBD-4A69-98D4-315B2A5D92E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0EB4E34-03D0-47B1-8DC6-96EC1BECDDF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AB459247-22A8-48AC-B97D-948CAAFCA471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF84D47-BBEE-4004-AA47-E799ED2E1407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "267931DA-5398-465B-A149-F32C4B577486",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:bi-acc-report:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C285118-F357-43D6-B9FE-BE1A3E0907F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp11\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F30D8A50-7540-45E0-96EB-EF1920891744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp15\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BE277CBB-DF9C-4038-8D42-76CA8771A7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp17\\):*:*:*:*:*:*:*",
"matchCriteriaId": "97381235-1F6A-4EC9-A10E-43745F2EE14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp21\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E9B68556-1AAF-49C5-BFFB-637ED0228431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp27\\):*:*:*:*:*:*:*",
"matchCriteriaId": "250E3802-BC17-40A4-A9F1-9CC89204AF50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp29\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8756F566-6BAD-4CAD-BE60-7555AE0A0D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp31\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8FB0B5FE-B422-4426-8856-A75A317F8A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp33\\):*:*:*:*:*:*:*",
"matchCriteriaId": "48B95F08-AEFF-4E97-A7EE-04864B871D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.106:*:*:*:*:*:*:*",
"matchCriteriaId": "352B2B08-0A5D-4212-8417-38303E8CFD34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.116:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D49229-664A-4042-93F2-A06C371FFCBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.202:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EA61A3-0583-4577-ACDE-583A3280E759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.208:*:*:*:*:*:*:*",
"matchCriteriaId": "C9109225-36DA-4042-A31A-94F4A75B4675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.216:*:*:*:*:*:*:*",
"matchCriteriaId": "0EEF7C64-F872-44A3-8E2C-7104F72804D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.226:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBA91C1-6970-4340-AA35-84A74B632618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.228:*:*:*:*:*:*:*",
"matchCriteriaId": "C9EA888A-B3A3-4F68-B7DF-0E167A02D945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.510:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C3C896-6EEF-402B-AE02-9607DC6E8BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.520:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD877AB-DC3C-488F-A735-298B3743CEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.522:*:*:*:*:*:*:*",
"matchCriteriaId": "73EE9A4D-AE78-4701-A111-F0B2AFFE7C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.566:*:*:*:*:*:*:*",
"matchCriteriaId": "EB834B04-137F-4BC0-9BF8-EBABFB407ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*",
"matchCriteriaId": "92F09872-A718-42A9-90B5-90B8F0E6A489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.578:*:*:*:*:*:*:*",
"matchCriteriaId": "D019742C-A909-42B4-8436-952633863308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*",
"matchCriteriaId": "ACDED3D8-B0D5-4191-B0F2-B68B9244B2FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*",
"matchCriteriaId": "DD1BA004-40B9-43A7-800A-B811036941FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.208:*:*:*:*:*:*:*",
"matchCriteriaId": "04D960D1-7834-42C5-B357-0487F6E54198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.216:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6D1F2-7753-4526-BEF6-49E62684BF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.226:*:*:*:*:*:*:*",
"matchCriteriaId": "A3CD33AE-B7E9-4149-B660-313A7BF1CA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.228:*:*:*:*:*:*:*",
"matchCriteriaId": "F9ABE5A6-A576-48DA-BE6A-049272CE50E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.510:*:*:*:*:*:*:*",
"matchCriteriaId": "B015ACC9-23B1-4467-AAC9-F4BB25314391",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.520:*:*:*:*:*:*:*",
"matchCriteriaId": "B783B038-87A8-4684-94D9-C7682538BF85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.522:*:*:*:*:*:*:*",
"matchCriteriaId": "20FF7586-3714-4960-B69F-497727288225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.566:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE41F32-2E8B-42C1-AE6C-BA75DD049CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.578:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE6C797-4BC5-4922-A480-A670C1D5BB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.586:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEEEDC8-3716-49AD-BABF-C26031D70503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.588:*:*:*:*:*:*:*",
"matchCriteriaId": "E6249992-4CE2-4515-9C9F-B7A09B2650B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:cm-h-shark-bd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD33F24B-8D65-49B5-8AFD-A86C767346A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de lectura y escritura fuera de l\u00edmites en algunos productos de auriculares. Un atacante no autenticado obtiene el dispositivo f\u00edsicamente y dise\u00f1a un mensaje malformado con un par\u00e1metro espec\u00edfico y env\u00eda el mensaje a los productos afectados. Debido a una insuficiente comprobaci\u00f3n del mensaje, que puede ser explotado para causar lectura y escritura fuera de l\u00edmites"
}
],
"id": "CVE-2020-36602",
"lastModified": "2025-05-28T16:15:21.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-20T20:15:09.723",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2020-36602 (GCVE-0-2020-36602)
Vulnerability from cvelistv5 – Published: 2022-09-20 19:42 – Updated: 2025-05-28 16:04
VLAI?
Summary
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
Severity ?
6.1 (Medium)
CWE
- Out-of-bounds Read and Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD |
Affected:
1.0.0.576-fullpackage
Affected: 1.0.0.577-fullpackage Affected: 1.0.0.581-fullpackage Affected: 1.0.0.586-fullpackage Affected: 1.0.0.588-fullpackage Affected: 1.0.0.606-fullpackage Affected: 1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5 Affected: 1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-36602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T16:04:35.499045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T16:04:39.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.0.576-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.577-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.581-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.586-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.588-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.606-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read and Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T19:42:39.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-36602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
"version": {
"version_data": [
{
"version_value": "1.0.0.576-fullpackage"
},
{
"version_value": "1.0.0.577-fullpackage"
},
{
"version_value": "1.0.0.581-fullpackage"
},
{
"version_value": "1.0.0.586-fullpackage"
},
{
"version_value": "1.0.0.588-fullpackage"
},
{
"version_value": "1.0.0.606-fullpackage"
},
{
"version_value": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
},
{
"version_value": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read and Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-36602",
"datePublished": "2022-09-20T19:42:39.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-05-28T16:04:39.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36602 (GCVE-0-2020-36602)
Vulnerability from nvd – Published: 2022-09-20 19:42 – Updated: 2025-05-28 16:04
VLAI?
Summary
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
Severity ?
6.1 (Medium)
CWE
- Out-of-bounds Read and Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD |
Affected:
1.0.0.576-fullpackage
Affected: 1.0.0.577-fullpackage Affected: 1.0.0.581-fullpackage Affected: 1.0.0.586-fullpackage Affected: 1.0.0.588-fullpackage Affected: 1.0.0.606-fullpackage Affected: 1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5 Affected: 1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-36602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T16:04:35.499045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T16:04:39.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.0.576-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.577-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.581-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.586-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.588-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.606-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read and Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T19:42:39.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-36602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
"version": {
"version_data": [
{
"version_value": "1.0.0.576-fullpackage"
},
{
"version_value": "1.0.0.577-fullpackage"
},
{
"version_value": "1.0.0.581-fullpackage"
},
{
"version_value": "1.0.0.586-fullpackage"
},
{
"version_value": "1.0.0.588-fullpackage"
},
{
"version_value": "1.0.0.606-fullpackage"
},
{
"version_value": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
},
{
"version_value": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read and Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-36602",
"datePublished": "2022-09-20T19:42:39.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-05-28T16:04:39.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}