CVE-2020-9117Out-of-bounds Read in Huawei Nova 4 Firmware

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 91.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Nova 4 FirmwareHuawei Sydneym-al00 Firmware
Timeline
PublishedDec 1
Latest updateMay 24

Description

HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/sydneym-al00_firmware< 10.0.0.165\(c00e66r1p5\)
NVDhuawei/nova_4_firmware< 10.0.0.165\(c01e34r2p4\)

🔴Vulnerability Details

2
GHSA
GHSA-xvxg-wp8f-g8h4: HUAWEI nova 4 versions earlier than 102022-05-24
CVEList
CVE-2020-9117: HUAWEI nova 4 versions earlier than 102020-12-01
CVE-2020-9117 — Out-of-bounds Read in Huawei | cvebase