CVE-2020-9071

There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00

Published: Jun 1, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-9071
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
huawei / ar120-s_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar120-s_firmware	200r007c00spca00	200r007c00spca00.x
huawei / ar120-s_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar120-s_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar1200_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar1200_firmware	200r007c00spc900pwe	200r007c00spc900pwe.x
huawei / ar1200_firmware	200r007c00spca00	200r007c00spca00.x
huawei / ar1200_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar1200_firmware	200r007c00spcb00pwe	200r007c00spcb00pwe.x
huawei / ar1200_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar1200-s_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar1200-s_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar1200-s_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar150_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar150_firmware	200r007c00spc900pwe	200r007c00spc900pwe.x
huawei / ar150_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar150_firmware	200r007c00spcb00pwe	200r007c00spcb00pwe.x
huawei / ar150_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar150-s_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar150-s_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar150-s_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar160_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar160_firmware	200r007c00spc900pwe	200r007c00spc900pwe.x
huawei / ar160_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar160_firmware	200r007c00spcb00pwe	200r007c00spcb00pwe.x
huawei / ar160_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar200_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar200_firmware	200r007c00spc900pwe	200r007c00spc900pwe.x
huawei / ar200_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar200_firmware	200r007c00spcb00pwe	200r007c00spcb00pwe.x
huawei / ar200_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar200-s_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar200-s_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar200-s_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar2200_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar2200_firmware	200r007c00spc900pwe	200r007c00spc900pwe.x
huawei / ar2200_firmware	200r007c00spca00	200r007c00spca00.x
huawei / ar2200_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar2200_firmware	200r007c00spcb00pwe	200r007c00spcb00pwe.x
huawei / ar2200_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar2200-s_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar2200-s_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar2200-s_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar3200_firmware	200r007c00	200r007c00.x
huawei / ar3200_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar3200_firmware	200r007c00spc900pwe	200r007c00spc900pwe.x
huawei / ar3200_firmware	200r007c00spca00	200r007c00spca00.x
huawei / ar3200_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar3200_firmware	200r007c00spcb00pwe	200r007c00spcb00pwe.x
huawei / ar3200_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar3600_firmware	200r007c00spc900	200r007c00spc900.x
huawei / ar3600_firmware	200r007c00spc900pwe	200r007c00spc900pwe.x
huawei / ar3600_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / ar3600_firmware	200r007c00spcb00pwe	200r007c00spcb00pwe.x
huawei / ar3600_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / ar510_firmware	200r007c00spc900	200r007c00spc900.x
huawei / netengine16ex_firmware	200r007c00spc900	200r007c00spc900.x
huawei / netengine16ex_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / netengine16ex_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / srg1300_firmware	200r007c00spc900	200r007c00spc900.x
huawei / srg1300_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / srg1300_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / srg2300_firmware	200r007c00spc900	200r007c00spc900.x
huawei / srg2300_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / srg2300_firmware	200r007c00spcc00	200r007c00spcc00.x
huawei / srg3300_firmware	200r007c00spc900	200r007c00spc900.x
huawei / srg3300_firmware	200r007c00spcb00	200r007c00spcb00.x
huawei / srg3300_firmware	200r007c00spcc00	200r007c00spcc00.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-01-oob-en

Vulnerability Database

289,599

CVE-2020-9071