CVE-2020-1832

CWE-787 — Out-of-bounds Write5 documents4 sources

Severity

8.8HIGH

EPSS

0.1%

top 80.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei E6878-370 Huawei E6878-370 Firmware

Timeline

PublishedMay 29

Latest updateMay 24

Description

E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code execution.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5huawei/e6878-37010.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00)+1

▶NVDhuawei/e6878-370_firmware10.0.3.1\(h557sp27c233\), 10.0.3.1\(h563sp1c233\)+1

🔴Vulnerability Details

GHSA

GHSA-f4fm-25px-642h: E6878-370 products with versions of 10↗2022-05-24

▶

CVEList

CVE-2020-1832: E6878-370 products with versions of 10↗2020-05-29

▶

📋Vendor Advisories

Oracle

Oracle Oracle Construction and Engineering Risk Matrix: Platform (Apache Derby) — CVE-2015-1832↗2020-10-15

▶

Oracle

Oracle Oracle Knowledge Risk Matrix: Web Applications - InfoCenter (Apache Derby) — CVE-2015-1832↗2020-04-15

▶