CVE-2020-9075 — Improper Input Validation in Huawei Secospace Usg6300 Firmware

CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 63.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Secospace Usg6300 Firmware Huawei Secospace Usg6600 Firmware Huawei Usg6300e Firmware

Timeline

PublishedJun 15

Latest updateMay 24

Description

Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDhuawei/usg6300e_firmwarev600r006c00

▶NVDhuawei/secospace_usg6300_firmwarev500r005c00, v500r005c10+1

▶NVDhuawei/secospace_usg6600_firmware4 versions+3

🔴Vulnerability Details

GHSA

GHSA-j748-8wr5-mq8p: Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a↗2022-05-24

▶

CVEList

CVE-2020-9075: Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a↗2020-06-15

▶