Huawei Osca-550 Firmware vulnerabilities

6 known vulnerabilities affecting huawei/osca-550_firmware.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM5LOW1

Vulnerabilities

Page 1 of 1

CVE-2020-1802MEDIUMCVSS 4.6v1.0.1.23\(sp2\)2020-04-10

CVE-2020-1802 [MEDIUM] CWE-354 CVE-2020-1802: There is an insufficient integrity validation vulnerability in several products. The device does not There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A v

CVE-2020-1879LOWCVSS 3.9v1.0.1.21\(sp3\)2020-03-20

CVE-2020-1879 [LOW] CWE-354 CVE-2020-1879: There is an improper integrity checking vulnerability on some huawei products. The software of the a There is an improper integrity checking vulnerability on some huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications.Affected product versions include:HEGE-560 versions 1.0.1.21(SP3);HEGE-570 versions 1.0.1.22(SP3);OSCA-550 versions 1.0.1.21(SP3

CVE-2020-1789MEDIUMCVSS 6.8v1.0.1.21\(sp3\)2020-02-18

CVE-2020-1789 [MEDIUM] CWE-287 CVE-2020-1789: Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an in Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credentia

CVE-2020-1842MEDIUMCVSS 6.8v1.0.0.71\(sp1\)2020-02-18

CVE-2020-1842 [MEDIUM] CWE-287 CVE-2020-1842: Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high

CVE-2020-1855MEDIUMCVSS 6.1v1.0.1.21\(sp3\)2020-02-18

CVE-2020-1855 [MEDIUM] CVE-2020-1855: Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal.

CVE-2020-1843MEDIUMCVSS 6.8v1.0.0.71\(sp1\)2020-02-18

CVE-2020-1843 [MEDIUM] CVE-2020-1843: Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause th