CVE-2020-1804

CWE-125Out-of-bounds Read4 documents4 sources
Severity
7.1HIGH
EPSS
0.1%
top 72.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Honor V10 FirmwareHuawei Honor V10
Timeline
PublishedApr 27
Latest updateMay 24

Description

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 1 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1805 and CVE-2020-1806.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

NVDhuawei/honor_v10_firmware< 10.0.0.156\(c00e156r2p4\)
CVEListV5huawei/honor_v10Versions earlier than 10.0.0.156(C00E156R2P4)

🔴Vulnerability Details

2
GHSA
GHSA-r5pv-cm2h-vfmj: Huawei Honor V10 smartphones with versions earlier than 102022-05-24
CVEList
CVE-2020-1804: Huawei Honor V10 smartphones with versions earlier than 102020-04-27

💥Exploits & PoCs

1
Nuclei
Quixplorer <=2.4.1 - Cross-Site Scripting
CVE-2020-1804 (HIGH CVSS 7.1) | Huawei Honor V10 smartphones with v | cvebase.io