CVE-2020-1843 — Improper Input Validation in Huawei Hege-560

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 79.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Hege-560 Huawei Osca-550 Huawei Osca-550a +7 more

Timeline

PublishedFeb 18

Latest updateMay 24

Description

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5huawei/osca-550ax1.0.0.71(SP2)

▶NVDhuawei/osca-550ax_firmware1.0.0.71\(sp2\)

▶CVEListV5huawei/osca-550a1.0.0.71(SP1)

▶CVEListV5huawei/osca-550x1.0.0.71(SP2)

▶NVDhuawei/osca-550a_firmware1.0.0.71\(sp1\)

🔴Vulnerability Details

GHSA

GHSA-p6xg-495q-mfqw: Huawei HEGE-560 version 1↗2022-05-24

▶

CVEList

CVE-2020-1843: Huawei HEGE-560 version 1↗2020-02-18

▶