CVE-2020-9068

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.

Published: Apr 27, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9068
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
huawei / ar3200_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar3200_firmware	200r007c00spca00	200r007c00spca00.x
huawei / ar3200_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar3200_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar3200_firmware	200r009c00spc500	200r009c00spc500.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-authentication-en

Vulnerability Database

289,599

CVE-2020-9068