CVE-2020-1837

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 84.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Changxiang 8 Plus Firmware

Timeline

PublishedJul 6

Latest updateMay 24

Description

ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/changxiang_8_plus_firmware< 9.1.0.136\(c00e121r1p6t8\)

▶CVEListV5changxiang_8_plusVersions earlier than 9.1.0.136(C00E121R1P6T8)

🔴Vulnerability Details

GHSA

GHSA-mcq4-g4c6-q4x2: ChangXiang 8 Plus with versions earlier than 9↗2022-05-24

▶

CVEList

CVE-2020-1837: ChangXiang 8 Plus with versions earlier than 9↗2020-07-06

▶