CVE-2020-1799 — Use After Free in Huawei E6878-370 Firmware

CWE-416 — Use After Free3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 79.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei E6878-370 Firmware

Timeline

PublishedMay 21

Latest updateMay 24

Description

E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code execution.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5huawei/e6878-370_firmware10.0.3.1(H557SP27C233),10.0.3.1(H563SP1C00),10.0.3.1(H563SP1C233)

▶NVDhuawei/e6878-370_firmware10.0.3.1\(h557sp27c233\), 10.0.3.1\(h563sp1c00\), 10.0.3.1\(h563sp1c233\)+2

🔴Vulnerability Details

GHSA

GHSA-x8g9-h939-cmr5: E6878-370 with versions of 10↗2022-05-24

▶

CVEList

CVE-2020-1799: E6878-370 with versions of 10↗2020-05-21

▶