CVE-2020-9247

CWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.8HIGH
EPSS
0.4%
top 42.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
26
Huawei Hima-l29cHuawei Honor 20 PROHuawei Huawei Mate 20+23 more
Timeline
PublishedDec 7
Latest updateMay 24

Description

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL0

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages26 packages

CVEListV5huawei/yalep-al10bunspecified10.1.0.160(C00E160R8P12)
NVDhuawei/yalep-al10b_firmware< 10.1.0.160\(c00e160r8p12\)
CVEListV5huawei/yale-l61aunspecified10.1.0.225(C432E3R1P2)+1
CVEListV5huawei/yale-tl00bunspecified10.1.0.160(C01E160R8P12)
CVEListV5huawei/huawei_mate_20unspecified10.1.0.160(C00E160R3P8)

🔴Vulnerability Details

2
GHSA
GHSA-c423-vwh6-449m: There is a buffer overflow vulnerability in several Huawei products2022-05-24
CVEList
CVE-2020-9247: There is a buffer overflow vulnerability in several Huawei products2020-12-07
CVE-2020-9247 (HIGH CVSS 7.8) | There is a buffer overflow vulnerab | cvebase.io