var-202004-0960
Vulnerability from variot
Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 3 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1805. This vulnerability is CVE-2020-1804 and CVE-2020-1805 Is a different vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a driver not fully verifying the received parameters
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0960", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "honor v10", "scope": "lt", "trust": 1.0, "vendor": "huawei", "version": "10.0.0.156\\(c00e156r2p4\\)" }, { "model": "honor v10", "scope": "eq", "trust": 0.8, "vendor": "huawei", "version": "10.0.0.156(c00e156r2p4)" }, { "model": "honor \u003c10.0.0.156", "scope": "eq", "trust": 0.6, "vendor": "huawei", "version": "v10" }, { "model": "honor v10", "scope": "eq", "trust": 0.1, "vendor": "huawei", "version": null }, { "model": "honor v10", "scope": "eq", "trust": 0.1, "vendor": "huawei", "version": "9.0.0.156(c00e156r2p14t8)" }, { "model": "honor v10", "scope": "eq", "trust": 0.1, "vendor": "huawei", "version": "9.0.0.159(c432e4r1p9t8)" }, { "model": "honor v10", "scope": "eq", "trust": 0.1, "vendor": "huawei", "version": "9.0.0.159(c636e3r1p12t8)" }, { "model": "honor v10", "scope": "eq", "trust": 0.1, "vendor": "huawei", "version": "9.1.0.333(c00e333r2p1t8)" }, { "model": "honor v10", "scope": "eq", "trust": 0.1, "vendor": "huawei", "version": "9.1.0.351(c432e5r1p13t8)" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-27116" }, { "db": "VULMON", "id": "CVE-2020-1806" }, { "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "db": "NVD", "id": "CVE-2020-1806" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.0.156\\(c00e156r2p4\\)", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-1806" } ] }, "cve": "CVE-2020-1806", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-004653", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2020-27116", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-1806", "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-004653", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-1806", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-004653", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-27116", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202004-1966", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-1806", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-27116" }, { "db": "VULMON", "id": "CVE-2020-1806" }, { "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "db": "NVD", "id": "CVE-2020-1806" }, { "db": "CNNVD", "id": "CNNVD-202004-1966" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 3 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1805. This vulnerability is CVE-2020-1804 and CVE-2020-1805 Is a different vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a driver not fully verifying the received parameters", "sources": [ { "db": "NVD", "id": "CVE-2020-1806" }, { "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "db": "CNVD", "id": "CNVD-2020-27116" }, { "db": "VULMON", "id": "CVE-2020-1806" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-1806", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2020-004653", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-27116", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202004-1966", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-1806", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-27116" }, { "db": "VULMON", "id": "CVE-2020-1806" }, { "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "db": "NVD", "id": "CVE-2020-1806" }, { "db": "CNNVD", "id": "CNNVD-202004-1966" } ] }, "id": "VAR-202004-0960", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-27116" } ], "trust": 1.18944035 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "IoT" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-27116" } ] }, "last_update_date": "2023-12-18T13:01:47.069000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "huawei-sa-20200422-02-smartphone", "trust": 0.8, "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en" }, { "title": "Patch for Huawei Honor V10 Cross-Border Reading Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/216729" }, { "title": "Huawei Honor V10 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=116733" }, { "title": "Huawei Security Advisories: Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphones", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories\u0026qid=710862441ad85228271816b080be03e9" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-27116" }, { "db": "VULMON", "id": "CVE-2020-1806" }, { "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "db": "CNNVD", "id": "CNNVD-202004-1966" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "db": "NVD", "id": "CVE-2020-1806" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1806" }, { "trust": 1.8, "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1806" }, { "trust": 0.6, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200422-02-smartphone-cn" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-27116" }, { "db": "VULMON", "id": "CVE-2020-1806" }, { "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "db": "NVD", "id": "CVE-2020-1806" }, { "db": "CNNVD", "id": "CNNVD-202004-1966" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-27116" }, { "db": "VULMON", "id": "CVE-2020-1806" }, { "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "db": "NVD", "id": "CVE-2020-1806" }, { "db": "CNNVD", "id": "CNNVD-202004-1966" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-05-08T00:00:00", "db": "CNVD", "id": "CNVD-2020-27116" }, { "date": "2020-04-27T00:00:00", "db": "VULMON", "id": "CVE-2020-1806" }, { "date": "2020-05-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "date": "2020-04-27T15:15:13.017000", "db": "NVD", "id": "CVE-2020-1806" }, { "date": "2020-04-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1966" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-05-08T00:00:00", "db": "CNVD", "id": "CNVD-2020-27116" }, { "date": "2020-04-30T00:00:00", "db": "VULMON", "id": "CVE-2020-1806" }, { "date": "2020-05-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-004653" }, { "date": "2020-04-30T19:30:50.007000", "db": "NVD", "id": "CVE-2020-1806" }, { "date": "2020-05-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-1966" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-1966" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Huawei Honor V10 Out-of-bounds read vulnerabilities on smartphones", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-004653" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202004-1966" } ], "trust": 0.6 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.