CVE-2020-36602 (GCVE-0-2020-36602)
Vulnerability from cvelistv5 – Published: 2022-09-20 19:42 – Updated: 2025-05-28 16:04
VLAI?
Summary
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
Severity ?
6.1 (Medium)
CWE
- Out-of-bounds Read and Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | 576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD |
Affected:
1.0.0.576-fullpackage
Affected: 1.0.0.577-fullpackage Affected: 1.0.0.581-fullpackage Affected: 1.0.0.586-fullpackage Affected: 1.0.0.588-fullpackage Affected: 1.0.0.606-fullpackage Affected: 1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5 Affected: 1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:30:08.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-36602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T16:04:35.499045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T16:04:39.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0.0.576-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.577-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.581-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.586-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.588-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.606-fullpackage"
},
{
"status": "affected",
"version": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
},
{
"status": "affected",
"version": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read and Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-20T19:42:39.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-36602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
"version": {
"version_data": [
{
"version_value": "1.0.0.576-fullpackage"
},
{
"version_value": "1.0.0.577-fullpackage"
},
{
"version_value": "1.0.0.581-fullpackage"
},
{
"version_value": "1.0.0.586-fullpackage"
},
{
"version_value": "1.0.0.588-fullpackage"
},
{
"version_value": "1.0.0.606-fullpackage"
},
{
"version_value": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
},
{
"version_value": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read and Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-36602",
"datePublished": "2022-09-20T19:42:39.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-05-28T16:04:39.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CD62EE0-E64C-4FF5-8567-2EF3A10F4C7B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D9D107-8AFF-44A8-B9BE-3122F3D9697B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27676C44-A16B-47A6-9C11-99DC1E795AC1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"592046BB-F1E6-4296-817F-0D17A684D58E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EDB97DC-3A4B-454D-9DEA-AD7A5162F936\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7144AAE-03BA-4ADB-81D0-150A7449EC79\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95422749-5574-4106-9BA8-EC87BDEE18D5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADDE004F-EBF6-4DBF-9459-5D58550CBF34\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5E07AE8-0C69-437B-8CC8-17061600A1B6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"191C353D-9251-4E17-A8C1-EEFB3D98943B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF6250D5-E660-4A07-8CA7-A59F54F2A488\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:606-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E00B0F4-8959-4909-858B-8EEA64330135\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F008D3C-1BBD-4A69-98D4-315B2A5D92E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0EB4E34-03D0-47B1-8DC6-96EC1BECDDF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB459247-22A8-48AC-B97D-948CAAFCA471\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FF84D47-BBEE-4004-AA47-E799ED2E1407\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"267931DA-5398-465B-A149-F32C4B577486\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:bi-acc-report:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C285118-F357-43D6-B9FE-BE1A3E0907F2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp11\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F30D8A50-7540-45E0-96EB-EF1920891744\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp15\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE277CBB-DF9C-4038-8D42-76CA8771A7DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp17\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97381235-1F6A-4EC9-A10E-43745F2EE14C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp21\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9B68556-1AAF-49C5-BFFB-637ED0228431\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp27\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"250E3802-BC17-40A4-A9F1-9CC89204AF50\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp29\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8756F566-6BAD-4CAD-BE60-7555AE0A0D61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp31\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FB0B5FE-B422-4426-8856-A75A317F8A5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp33\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48B95F08-AEFF-4E97-A7EE-04864B871D0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.106:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"352B2B08-0A5D-4212-8417-38303E8CFD34\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.116:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7D49229-664A-4042-93F2-A06C371FFCBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.202:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6EA61A3-0583-4577-ACDE-583A3280E759\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.208:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9109225-36DA-4042-A31A-94F4A75B4675\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EEF7C64-F872-44A3-8E2C-7104F72804D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.226:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FBA91C1-6970-4340-AA35-84A74B632618\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.228:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9EA888A-B3A3-4F68-B7DF-0E167A02D945\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.510:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9C3C896-6EEF-402B-AE02-9607DC6E8BD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.520:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AD877AB-DC3C-488F-A735-298B3743CEE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.522:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73EE9A4D-AE78-4701-A111-F0B2AFFE7C89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.566:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB834B04-137F-4BC0-9BF8-EBABFB407ED3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92F09872-A718-42A9-90B5-90B8F0E6A489\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.578:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D019742C-A909-42B4-8436-952633863308\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACDED3D8-B0D5-4191-B0F2-B68B9244B2FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD1BA004-40B9-43A7-800A-B811036941FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.208:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04D960D1-7834-42C5-B357-0487F6E54198\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.216:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEB6D1F2-7753-4526-BEF6-49E62684BF87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.226:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3CD33AE-B7E9-4149-B660-313A7BF1CA53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.228:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9ABE5A6-A576-48DA-BE6A-049272CE50E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.510:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B015ACC9-23B1-4467-AAC9-F4BB25314391\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.520:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B783B038-87A8-4684-94D9-C7682538BF85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.522:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20FF7586-3714-4960-B69F-497727288225\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.566:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAE41F32-2E8B-42C1-AE6C-BA75DD049CEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.578:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADE6C797-4BC5-4922-A480-A670C1D5BB55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.586:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEEEEDC8-3716-49AD-BABF-C26031D70503\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.588:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6249992-4CE2-4515-9C9F-B7A09B2650B1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:cm-h-shark-bd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD33F24B-8D65-49B5-8AFD-A86C767346A9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de lectura y escritura fuera de l\\u00edmites en algunos productos de auriculares. Un atacante no autenticado obtiene el dispositivo f\\u00edsicamente y dise\\u00f1a un mensaje malformado con un par\\u00e1metro espec\\u00edfico y env\\u00eda el mensaje a los productos afectados. Debido a una insuficiente comprobaci\\u00f3n del mensaje, que puede ser explotado para causar lectura y escritura fuera de l\\u00edmites\"}]",
"id": "CVE-2020-36602",
"lastModified": "2024-11-21T05:29:52.200",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 5.2}]}",
"published": "2022-09-20T20:15:09.723",
"references": "[{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-36602\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2022-09-20T20:15:09.723\",\"lastModified\":\"2025-05-28T16:15:21.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de lectura y escritura fuera de l\u00edmites en algunos productos de auriculares. Un atacante no autenticado obtiene el dispositivo f\u00edsicamente y dise\u00f1a un mensaje malformado con un par\u00e1metro espec\u00edfico y env\u00eda el mensaje a los productos afectados. Debido a una insuficiente comprobaci\u00f3n del mensaje, que puede ser explotado para causar lectura y escritura fuera de l\u00edmites\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CD62EE0-E64C-4FF5-8567-2EF3A10F4C7B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D9D107-8AFF-44A8-B9BE-3122F3D9697B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27676C44-A16B-47A6-9C11-99DC1E795AC1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"592046BB-F1E6-4296-817F-0D17A684D58E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EDB97DC-3A4B-454D-9DEA-AD7A5162F936\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7144AAE-03BA-4ADB-81D0-150A7449EC79\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95422749-5574-4106-9BA8-EC87BDEE18D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADDE004F-EBF6-4DBF-9459-5D58550CBF34\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E07AE8-0C69-437B-8CC8-17061600A1B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"191C353D-9251-4E17-A8C1-EEFB3D98943B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF6250D5-E660-4A07-8CA7-A59F54F2A488\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:606-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E00B0F4-8959-4909-858B-8EEA64330135\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F008D3C-1BBD-4A69-98D4-315B2A5D92E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0EB4E34-03D0-47B1-8DC6-96EC1BECDDF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB459247-22A8-48AC-B97D-948CAAFCA471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FF84D47-BBEE-4004-AA47-E799ED2E1407\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"267931DA-5398-465B-A149-F32C4B577486\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:bi-acc-report:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C285118-F357-43D6-B9FE-BE1A3E0907F2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp11\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F30D8A50-7540-45E0-96EB-EF1920891744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp15\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE277CBB-DF9C-4038-8D42-76CA8771A7DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp17\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97381235-1F6A-4EC9-A10E-43745F2EE14C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp21\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9B68556-1AAF-49C5-BFFB-637ED0228431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp27\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"250E3802-BC17-40A4-A9F1-9CC89204AF50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp29\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756F566-6BAD-4CAD-BE60-7555AE0A0D61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp31\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB0B5FE-B422-4426-8856-A75A317F8A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\\\(vn2-sp33\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48B95F08-AEFF-4E97-A7EE-04864B871D0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.106:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"352B2B08-0A5D-4212-8417-38303E8CFD34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.116:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7D49229-664A-4042-93F2-A06C371FFCBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.202:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6EA61A3-0583-4577-ACDE-583A3280E759\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.208:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9109225-36DA-4042-A31A-94F4A75B4675\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EEF7C64-F872-44A3-8E2C-7104F72804D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.226:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FBA91C1-6970-4340-AA35-84A74B632618\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.228:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9EA888A-B3A3-4F68-B7DF-0E167A02D945\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.510:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9C3C896-6EEF-402B-AE02-9607DC6E8BD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.520:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AD877AB-DC3C-488F-A735-298B3743CEE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.522:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73EE9A4D-AE78-4701-A111-F0B2AFFE7C89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.566:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB834B04-137F-4BC0-9BF8-EBABFB407ED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92F09872-A718-42A9-90B5-90B8F0E6A489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.578:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D019742C-A909-42B4-8436-952633863308\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACDED3D8-B0D5-4191-B0F2-B68B9244B2FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD1BA004-40B9-43A7-800A-B811036941FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.208:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04D960D1-7834-42C5-B357-0487F6E54198\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.216:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB6D1F2-7753-4526-BEF6-49E62684BF87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.226:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3CD33AE-B7E9-4149-B660-313A7BF1CA53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.228:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9ABE5A6-A576-48DA-BE6A-049272CE50E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.510:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B015ACC9-23B1-4467-AAC9-F4BB25314391\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.520:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B783B038-87A8-4684-94D9-C7682538BF85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.522:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20FF7586-3714-4960-B69F-497727288225\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.566:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAE41F32-2E8B-42C1-AE6C-BA75DD049CEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.578:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADE6C797-4BC5-4922-A480-A670C1D5BB55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.586:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEEEEDC8-3716-49AD-BABF-C26031D70503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.588:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6249992-4CE2-4515-9C9F-B7A09B2650B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:cm-h-shark-bd:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD33F24B-8D65-49B5-8AFD-A86C767346A9\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T17:30:08.396Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-36602\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-28T16:04:35.499045Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-28T16:04:31.445Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0.576-fullpackage\"}, {\"status\": \"affected\", \"version\": \"1.0.0.577-fullpackage\"}, {\"status\": \"affected\", \"version\": \"1.0.0.581-fullpackage\"}, {\"status\": \"affected\", \"version\": \"1.0.0.586-fullpackage\"}, {\"status\": \"affected\", \"version\": \"1.0.0.588-fullpackage\"}, {\"status\": \"affected\", \"version\": \"1.0.0.606-fullpackage\"}, {\"status\": \"affected\", \"version\": \"1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5\"}, {\"status\": \"affected\", \"version\": \"1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588\"}]}], \"references\": [{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Out-of-bounds Read and Write\"}]}], \"providerMetadata\": {\"orgId\": \"25ac1063-e409-4190-8079-24548c77ea2e\", \"shortName\": \"huawei\", \"dateUpdated\": \"2022-09-20T19:42:39.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"1.0.0.576-fullpackage\"}, {\"version_value\": \"1.0.0.577-fullpackage\"}, {\"version_value\": \"1.0.0.581-fullpackage\"}, {\"version_value\": \"1.0.0.586-fullpackage\"}, {\"version_value\": \"1.0.0.588-fullpackage\"}, {\"version_value\": \"1.0.0.606-fullpackage\"}, {\"version_value\": \"1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5\"}, {\"version_value\": \"1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588\"}]}, \"product_name\": \"576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en\", \"name\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Out-of-bounds Read and Write\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-36602\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@huawei.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2020-36602\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-28T16:04:39.495Z\", \"dateReserved\": \"2022-08-25T00:00:00.000Z\", \"assignerOrgId\": \"25ac1063-e409-4190-8079-24548c77ea2e\", \"datePublished\": \"2022-09-20T19:42:39.000Z\", \"assignerShortName\": \"huawei\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…