CVE-2020-9091Out-of-bounds Read in Huawei Taurus-an00b Firmware

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 93.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Taurus-an00b Firmware
Timeline
PublishedOct 12
Latest updateMay 24

Description

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5huawei/taurus-an00b_firmwareVersions earlier than 10.1.0.156(C00E155R7P2)
NVDhuawei/taurus-an00b_firmware10.1.0.156\(c00e155r7p2\)

🔴Vulnerability Details

2
GHSA
GHSA-wp9c-rpgf-2rhf: Taurus-AN00B versions earlier than 102022-05-24
CVEList
CVE-2020-9091: Taurus-AN00B versions earlier than 102020-10-12
CVE-2020-9091 — Out-of-bounds Read in Huawei | cvebase