cvelistv5 - cve-2020-9086

CVE-2020-9086 (GCVE-0-2020-9086)

Vulnerability from cvelistv5 – Published: 2024-12-27 09:40 – Updated: 2024-12-27 15:06

Summary

There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-124 - Buffer Underwrite ('Buffer Underflow')

Assigner

huawei

References

URL

Tags

https://www.huawei.com/en/psirt/security-advisori…

Impacted products

	Vendor	Product	Version
	Huawei	HUAWEI 4G Router B612	Affected: B612s-25dTCPU-V100R001B192D03SP00C234 Affected: B612s-25dTCPU-V100R001B192D03SP00C287 Affected: B612s-25dTCPU-V100R001B192D05SP00C00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-9086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-27T15:06:44.647462Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-27T15:06:52.987Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "HUAWEI 4G Router B612",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "B612s-25dTCPU-V100R001B192D03SP00C234"
            },
            {
              "status": "affected",
              "version": "B612s-25dTCPU-V100R001B192D03SP00C287"
            },
            {
              "status": "affected",
              "version": "B612s-25dTCPU-V100R001B192D05SP00C00"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.\u003c/p\u003e"
            }
          ],
          "value": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-124",
              "description": "CWE-124 Buffer Underwrite (\u0027Buffer Underflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-27T09:40:03.261Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-9086",
    "datePublished": "2024-12-27T09:40:03.261Z",
    "dateReserved": "2020-02-18T00:00:00.000Z",
    "dateUpdated": "2024-12-27T15:06:52.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d03sp00c234:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5DA74362-63EF-402C-8DE4-608BF00B9A22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d03sp00c287:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7B3FDDF-0E22-4778-B4B3-A9E77A7E8D80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d05sp00c00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D187A75B-E3D7-4B34-B2E5-F5FA8E557F80\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:b612:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F304357B-3B8D-49C0-AD8A-DC7F11B586BC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\\n\\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de error de b\\u00fafer en algunos productos de Huawei. Un atacante no autenticado puede enviar un mensaje UPNP especial a los productos afectados. Debido a la validaci\\u00f3n de entrada insuficiente de alg\\u00fan valor, una explotaci\\u00f3n exitosa puede provocar que algunos servicios sean anormales. (Identificaci\\u00f3n de vulnerabilidad: HWPSIRT-2017-08234) A esta vulnerabilidad se le ha asignado una identificaci\\u00f3n de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-9086.\"}]",
      "id": "CVE-2020-9086",
      "lastModified": "2025-01-13T19:34:15.140",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@huawei.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2024-12-27T10:15:12.800",
      "references": "[{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"psirt@huawei.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-124\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-9086\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2024-12-27T10:15:12.800\",\"lastModified\":\"2025-01-13T19:34:15.140\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\\n\\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de error de b\u00fafer en algunos productos de Huawei. Un atacante no autenticado puede enviar un mensaje UPNP especial a los productos afectados. Debido a la validaci\u00f3n de entrada insuficiente de alg\u00fan valor, una explotaci\u00f3n exitosa puede provocar que algunos servicios sean anormales. (Identificaci\u00f3n de vulnerabilidad: HWPSIRT-2017-08234) A esta vulnerabilidad se le ha asignado una identificaci\u00f3n de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-9086.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@huawei.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@huawei.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-124\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d03sp00c234:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA74362-63EF-402C-8DE4-608BF00B9A22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d03sp00c287:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7B3FDDF-0E22-4778-B4B3-A9E77A7E8D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d05sp00c00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D187A75B-E3D7-4B34-B2E5-F5FA8E557F80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:b612:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F304357B-3B8D-49C0-AD8A-DC7F11B586BC\"}]}]}],\"references\":[{\"url\":\"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-9086\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-27T15:06:44.647462Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-27T15:06:48.740Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Huawei\", \"product\": \"HUAWEI 4G Router B612\", \"versions\": [{\"status\": \"affected\", \"version\": \"B612s-25dTCPU-V100R001B192D03SP00C234\"}, {\"status\": \"affected\", \"version\": \"B612s-25dTCPU-V100R001B192D03SP00C287\"}, {\"status\": \"affected\", \"version\": \"B612s-25dTCPU-V100R001B192D05SP00C00\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\\n\\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThere is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\u003c/p\u003e\u003cp\u003eThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-124\", \"description\": \"CWE-124 Buffer Underwrite (\u0027Buffer Underflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"25ac1063-e409-4190-8079-24548c77ea2e\", \"shortName\": \"huawei\", \"dateUpdated\": \"2024-12-27T09:40:03.261Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-9086\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-27T15:06:52.987Z\", \"dateReserved\": \"2020-02-18T00:00:00.000Z\", \"assignerOrgId\": \"25ac1063-e409-4190-8079-24548c77ea2e\", \"datePublished\": \"2024-12-27T09:40:03.261Z\", \"assignerShortName\": \"huawei\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2020-9086

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2020-9086

Aliases

CVE-2020-9086

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9086",
    "id": "GSD-2020-9086"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9086"
      ],
      "id": "GSD-2020-9086",
      "modified": "2023-12-13T01:21:52.583853Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-9086",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

VAR-202008-1265

Vulnerability from variot - Updated: 2022-05-04 09:55

Huawei 4G Router B612 is an LTE router product of China's Huawei (Huawei) company. The product can use 4G network as a shared hotspot.

Huawei 4G Router B612 has security vulnerabilities. The vulnerability stems from the program not validating the input correctly. An attacker without authentication can use this vulnerability to cause abnormal service by sending a specially crafted UPNP message to the affected device.

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202008-1265",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "4g router b612 b612s-25dtcpu-v100r001b192d03sp00c287",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "4g router b612 b612s-25dtcpu-v100r001b192d05sp00c00",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "4g router b612 b612s-25dtcpu-v100r001b192d03sp00c234",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      }
    ]
  },
  "cve": "CVE-2020-9086",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-01059",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2021-01059",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202008-1268",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1268"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei 4G Router B612 is an LTE router product of China\u0027s Huawei (Huawei) company. The product can use 4G network as a shared hotspot.\n\r\n\r\nHuawei 4G Router B612 has security vulnerabilities. The vulnerability stems from the program not validating the input correctly. An attacker without authentication can use this vulnerability to cause abnormal service by sending a specially crafted UPNP message to the affected device.",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      }
    ],
    "trust": 0.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9086",
        "trust": 1.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1268",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1268"
      }
    ]
  },
  "id": "VAR-202008-1265",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      }
    ]
  },
  "last_update_date": "2022-05-04T09:55:31.006000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Huawei 4G Router B612 Null Pointer Dereference Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/243367"
      },
      {
        "title": "Repair measures for Huawei related security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126912"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1268"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9086"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200826-01-buffer_cn"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1268"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1268"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      },
      {
        "date": "2020-08-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-1268"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      },
      {
        "date": "2021-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202008-1268"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei 4G Router B612 Null Pointer Dereference Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-01059"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202008-1268"
      }
    ],
    "trust": 0.6
  }
}

GHSA-FFW9-QR6V-4C9C

Vulnerability from github – Published: 2024-12-27 12:30 – Updated: 2024-12-27 12:30

Details

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-124",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T10:15:12Z",
    "severity": "MODERATE"
  },
  "details": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.",
  "id": "GHSA-ffw9-qr6v-4c9c",
  "modified": "2024-12-27T12:30:35Z",
  "published": "2024-12-27T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9086"
    },
    {
      "type": "WEB",
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2020-9086

Vulnerability from fkie_nvd - Published: 2024-12-27 10:15 - Updated: 2025-01-13 19:34

Severity ?

4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	psirt@huawei.com	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	b612_firmware	b612s-25dtcpu-v100r001b192d03sp00c234
huawei	b612_firmware	b612s-25dtcpu-v100r001b192d03sp00c287
huawei	b612_firmware	b612s-25dtcpu-v100r001b192d05sp00c00
huawei	b612	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d03sp00c234:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA74362-63EF-402C-8DE4-608BF00B9A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d03sp00c287:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7B3FDDF-0E22-4778-B4B3-A9E77A7E8D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d05sp00c00:*:*:*:*:*:*:*",
              "matchCriteriaId": "D187A75B-E3D7-4B34-B2E5-F5FA8E557F80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:b612:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F304357B-3B8D-49C0-AD8A-DC7F11B586BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de error de b\u00fafer en algunos productos de Huawei. Un atacante no autenticado puede enviar un mensaje UPNP especial a los productos afectados. Debido a la validaci\u00f3n de entrada insuficiente de alg\u00fan valor, una explotaci\u00f3n exitosa puede provocar que algunos servicios sean anormales. (Identificaci\u00f3n de vulnerabilidad: HWPSIRT-2017-08234) A esta vulnerabilidad se le ha asignado una identificaci\u00f3n de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-9086."
    }
  ],
  "id": "CVE-2020-9086",
  "lastModified": "2025-01-13T19:34:15.140",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@huawei.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-12-27T10:15:12.800",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-124"
        }
      ],
      "source": "psirt@huawei.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-01059

Vulnerability from cnvd - Published: 2021-01-07

Title

Huawei 4G Router B612空指针解引用漏洞

Description

Huawei 4G Router B612是中国华为（Huawei）公司的一个LTE路由器产品。该产品可以使用4G网络做共享热点。 Huawei 4G Router B612存在安全漏洞。该漏洞源于程序未对输入进行正确验证。未经身份认证的攻击者可通过向受影响设备发送特制的UPNP消息利用该漏洞导致服务异常。

Severity

中

Patch Name

Huawei 4G Router B612空指针解引用漏洞的补丁

Patch Description

Huawei 4G Router B612是中国华为（Huawei）公司的一个LTE路由器产品。该产品可以使用4G网络做共享热点。 Huawei 4G Router B612存在安全漏洞。该漏洞源于程序未对输入进行正确验证。未经身份认证的攻击者可通过向受影响设备发送特制的UPNP消息利用该漏洞导致服务异常。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-9086

Impacted products

Name
['Huawei Huawei 4G Router B612 B612s-25dTCPU-V100R001B192D03SP00C287', 'Huawei Huawei 4G Router B612 B612s-25dTCPU-V100R001B192D05SP00C00', 'Huawei HUAWEI 4G Router B612 B612s-25dTCPU-V100R001B192D03SP00C234']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9086",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-9086"
    }
  },
  "description": "Huawei 4G Router B612\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u4e2aLTE\u8def\u7531\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u53ef\u4ee5\u4f7f\u75284G\u7f51\u7edc\u505a\u5171\u4eab\u70ed\u70b9\u3002\n\nHuawei 4G Router B612\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5bf9\u8f93\u5165\u8fdb\u884c\u6b63\u786e\u9a8c\u8bc1\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u7279\u5236\u7684UPNP\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u5f02\u5e38\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-01059",
  "openTime": "2021-01-07",
  "patchDescription": "Huawei 4G Router B612\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u4e2aLTE\u8def\u7531\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u53ef\u4ee5\u4f7f\u75284G\u7f51\u7edc\u505a\u5171\u4eab\u70ed\u70b9\u3002\r\n\r\nHuawei 4G Router B612\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5bf9\u8f93\u5165\u8fdb\u884c\u6b63\u786e\u9a8c\u8bc1\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u7279\u5236\u7684UPNP\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u670d\u52a1\u5f02\u5e38\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei 4G Router B612\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei Huawei 4G Router B612 B612s-25dTCPU-V100R001B192D03SP00C287",
      "Huawei Huawei 4G Router B612 B612s-25dTCPU-V100R001B192D05SP00C00",
      "Huawei HUAWEI 4G Router B612 B612s-25dTCPU-V100R001B192D03SP00C234"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9086",
  "serverity": "\u4e2d",
  "submitTime": "2020-12-14",
  "title": "Huawei 4G Router B612\u7a7a\u6307\u9488\u89e3\u5f15\u7528\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9086 (GCVE-0-2020-9086)

GSD-2020-9086

VAR-202008-1265

GHSA-FFW9-QR6V-4C9C

FKIE_CVE-2020-9086

CNVD-2021-01059

Tags

Sightings

Nomenclature