CVE-2020-1842

CWE-287Improper Authentication3 documents3 sources
Severity
6.8MEDIUM
EPSS
0.1%
top 81.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Huawei Hege-560Huawei Hege-560 FirmwareHuawei Osca-550 Firmware+3 more
Timeline
PublishedFeb 18
Latest updateMay 24

Description

Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages6 packages

NVDhuawei/osca-550ax_firmware1.0.0.71\(sp2\)
NVDhuawei/osca-550a_firmware1.0.0.71\(sp1\)
NVDhuawei/osca-550x_firmware1.0.0.71\(sp2\)
NVDhuawei/osca-550_firmware1.0.0.71\(sp1\)
CVEListV5huawei/hege-5601.0.1.20(SP2)

🔴Vulnerability Details

2
GHSA
GHSA-v7w4-x8mq-35m8: Huawei HEGE-560 version 12022-05-24
CVEList
CVE-2020-1842: Huawei HEGE-560 version 12020-02-18
CVE-2020-1842 (MEDIUM CVSS 6.8) | Huawei HEGE-560 version 1.0.1.20(SP | cvebase.io