Out-of-bounds

2020-06-0115:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.1%

JSON

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00

CPENameOperatorVersion
ar120-s_firmwareeq200r7c0spc900-v
ar120-s_firmwareeq200r7c0spca0-v
ar120-s_firmwareeq200r7c0spcb0-v
ar120-s_firmwareeq200r7c0spcc0-v
ar1200-s_firmwareeq200r7c0spc900-v
ar1200-s_firmwareeq200r7c0spcb0-v
ar1200-s_firmwareeq200r7c0spcc0-v
ar1200_firmwareeq200r7c0spc900-v
ar1200_firmwareeq200r7c0spc900pwe-v
ar1200_firmwareeq200r7c0spca0-v

Name	Operator	Version
ar120-s_firmware	eq	200r7c0spc900-v
ar120-s_firmware	eq	200r7c0spca0-v
ar120-s_firmware	eq	200r7c0spcb0-v
ar120-s_firmware	eq	200r7c0spcc0-v
ar1200-s_firmware	eq	200r7c0spc900-v
ar1200-s_firmware	eq	200r7c0spcb0-v
ar1200-s_firmware	eq	200r7c0spcc0-v
ar1200_firmware	eq	200r7c0spc900-v
ar1200_firmware	eq	200r7c0spc900pwe-v
ar1200_firmware	eq	200r7c0spca0-v