Lucene search

K
nvd[email protected]NVD:CVE-2020-36602
HistorySep 20, 2022 - 8:15 p.m.

CVE-2020-36602

2022-09-2020:15:09
CWE-125
CWE-787
web.nvd.nist.gov
7
headset products
vulnerability
unauthenticated attacker
message validation
out-of-bounds read
out-of-bounds write

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

26.4%

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.

Affected configurations

Nvd
Node
huawei576up005_hota-cm-h-shark-bdMatch-
AND
huawei576up005_hota-cm-h-shark-bd_firmwareMatch1.0.0.576
Node
huawei577hota-cm-h-shark-bdMatch-
AND
huawei577hota-cm-h-shark-bd_firmwareMatch1.0.0.577
Node
huawei581up-hota-cm-h-shark-bdMatch-
AND
huawei581up-hota-cm-h-shark-bd_firmwareMatch1.0.0.581
Node
huawei586-hota-cm-h-shark-bdMatch-
AND
huawei586-hota-cm-h-shark-bd_firmwareMatch1.0.0.586
Node
huawei588-hota-cm-h-shark-bdMatch-
AND
huawei588-hota-cm-h-shark-bd_firmwareMatch1.0.0.588
Node
huawei606-hota-cm-h-shark-bdMatch-
AND
huawei606-hota-cm-h-shark-bd_firmwareMatch1.0.0.606
Node
huaweibi-acc-reportMatch-
AND
huaweibi-acc-report_firmwareMatch1.0.0.1
OR
huaweibi-acc-report_firmwareMatch1.0.0.2
OR
huaweibi-acc-report_firmwareMatch1.0.0.3
OR
huaweibi-acc-report_firmwareMatch1.0.0.4
OR
huaweibi-acc-report_firmwareMatch1.0.0.5
Node
huaweicm-h-shark-bdMatch-
AND
huaweicm-h-shark-bd_firmwareMatch1.0.0.66\(vn2-sp11\)
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.66\(vn2-sp15\)
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.66\(vn2-sp17\)
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.66\(vn2-sp21\)
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.66\(vn2-sp27\)
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.66\(vn2-sp29\)
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.66\(vn2-sp31\)
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.66\(vn2-sp33\)
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.106
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.116
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.202
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.208
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.216
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.226
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.228
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.510
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.520
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.522
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.566
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.576
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.578
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.586
OR
huaweicm-h-shark-bd_firmwareMatch1.0.0.588
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.208
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.216
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.226
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.228
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.510
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.520
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.522
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.566
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.578
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.586
OR
huaweicm-h-shark-bd_firmwareMatch1.9.0.588
VendorProductVersionCPE
huawei576up005_hota-cm-h-shark-bd-cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*
huawei576up005_hota-cm-h-shark-bd_firmware1.0.0.576cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*
huawei577hota-cm-h-shark-bd-cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*
huawei577hota-cm-h-shark-bd_firmware1.0.0.577cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*
huawei581up-hota-cm-h-shark-bd-cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*
huawei581up-hota-cm-h-shark-bd_firmware1.0.0.581cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*
huawei586-hota-cm-h-shark-bd-cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*
huawei586-hota-cm-h-shark-bd_firmware1.0.0.586cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*
huawei588-hota-cm-h-shark-bd-cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*
huawei588-hota-cm-h-shark-bd_firmware1.0.0.588cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*
Rows per page:
1-10 of 531

CVSS3

6.1

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

26.4%

Related for NVD:CVE-2020-36602