{"containers": {"cna": {"affected": [{"product": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.0.0.576-fullpackage"}, {"status": "affected", "version": "1.0.0.577-fullpackage"}, {"status": "affected", "version": "1.0.0.581-fullpackage"}, {"status": "affected", "version": "1.0.0.586-fullpackage"}, {"status": "affected", "version": "1.0.0.588-fullpackage"}, {"status": "affected", "version": "1.0.0.606-fullpackage"}, {"status": "affected", "version": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"}, {"status": "affected", "version": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds Read and Write", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-20T19:42:39", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-36602", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD", "version": {"version_data": [{"version_value": "1.0.0.576-fullpackage"}, {"version_value": "1.0.0.577-fullpackage"}, {"version_value": "1.0.0.581-fullpackage"}, {"version_value": "1.0.0.586-fullpackage"}, {"version_value": "1.0.0.588-fullpackage"}, {"version_value": "1.0.0.606-fullpackage"}, {"version_value": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"}, {"version_value": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds Read and Write"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-36602", "datePublished": "2022-09-20T19:42:39", "dateReserved": "2022-08-25T00:00:00", "dateUpdated": "2024-08-04T17:30:08.396Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D9D107-8AFF-44A8-B9BE-3122F3D9697B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*", "matchCriteriaId": "4CD62EE0-E64C-4FF5-8567-2EF3A10F4C7B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "592046BB-F1E6-4296-817F-0D17A684D58E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*", "matchCriteriaId": "27676C44-A16B-47A6-9C11-99DC1E795AC1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7144AAE-03BA-4ADB-81D0-150A7449EC79", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*", "matchCriteriaId": "4EDB97DC-3A4B-454D-9DEA-AD7A5162F936", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADDE004F-EBF6-4DBF-9459-5D58550CBF34", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*", "matchCriteriaId": "95422749-5574-4106-9BA8-EC87BDEE18D5", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "191C353D-9251-4E17-A8C1-EEFB3D98943B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*", "matchCriteriaId": "C5E07AE8-0C69-437B-8CC8-17061600A1B6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:606-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E00B0F4-8959-4909-858B-8EEA64330135", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606:*:*:*:*:*:*:*", "matchCriteriaId": "DF6250D5-E660-4A07-8CA7-A59F54F2A488", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bi-acc-report:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C285118-F357-43D6-B9FE-BE1A3E0907F2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F008D3C-1BBD-4A69-98D4-315B2A5D92E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E0EB4E34-03D0-47B1-8DC6-96EC1BECDDF0", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB459247-22A8-48AC-B97D-948CAAFCA471", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FF84D47-BBEE-4004-AA47-E799ED2E1407", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "267931DA-5398-465B-A149-F32C4B577486", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD33F24B-8D65-49B5-8AFD-A86C767346A9", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp11\\):*:*:*:*:*:*:*", "matchCriteriaId": "F30D8A50-7540-45E0-96EB-EF1920891744", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp15\\):*:*:*:*:*:*:*", "matchCriteriaId": "BE277CBB-DF9C-4038-8D42-76CA8771A7DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp17\\):*:*:*:*:*:*:*", "matchCriteriaId": "97381235-1F6A-4EC9-A10E-43745F2EE14C", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp21\\):*:*:*:*:*:*:*", "matchCriteriaId": "E9B68556-1AAF-49C5-BFFB-637ED0228431", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp27\\):*:*:*:*:*:*:*", "matchCriteriaId": "250E3802-BC17-40A4-A9F1-9CC89204AF50", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp29\\):*:*:*:*:*:*:*", "matchCriteriaId": "8756F566-6BAD-4CAD-BE60-7555AE0A0D61", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp31\\):*:*:*:*:*:*:*", "matchCriteriaId": "8FB0B5FE-B422-4426-8856-A75A317F8A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp33\\):*:*:*:*:*:*:*", "matchCriteriaId": "48B95F08-AEFF-4E97-A7EE-04864B871D0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.106:*:*:*:*:*:*:*", "matchCriteriaId": "352B2B08-0A5D-4212-8417-38303E8CFD34", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.116:*:*:*:*:*:*:*", "matchCriteriaId": "C7D49229-664A-4042-93F2-A06C371FFCBC", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.202:*:*:*:*:*:*:*", "matchCriteriaId": "D6EA61A3-0583-4577-ACDE-583A3280E759", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.208:*:*:*:*:*:*:*", "matchCriteriaId": "C9109225-36DA-4042-A31A-94F4A75B4675", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.216:*:*:*:*:*:*:*", "matchCriteriaId": "0EEF7C64-F872-44A3-8E2C-7104F72804D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.226:*:*:*:*:*:*:*", "matchCriteriaId": "1FBA91C1-6970-4340-AA35-84A74B632618", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.228:*:*:*:*:*:*:*", "matchCriteriaId": "C9EA888A-B3A3-4F68-B7DF-0E167A02D945", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.510:*:*:*:*:*:*:*", "matchCriteriaId": "D9C3C896-6EEF-402B-AE02-9607DC6E8BD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.520:*:*:*:*:*:*:*", "matchCriteriaId": "0AD877AB-DC3C-488F-A735-298B3743CEE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.522:*:*:*:*:*:*:*", "matchCriteriaId": "73EE9A4D-AE78-4701-A111-F0B2AFFE7C89", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.566:*:*:*:*:*:*:*", "matchCriteriaId": "EB834B04-137F-4BC0-9BF8-EBABFB407ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*", "matchCriteriaId": "92F09872-A718-42A9-90B5-90B8F0E6A489", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.578:*:*:*:*:*:*:*", "matchCriteriaId": "D019742C-A909-42B4-8436-952633863308", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*", "matchCriteriaId": "ACDED3D8-B0D5-4191-B0F2-B68B9244B2FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*", "matchCriteriaId": "DD1BA004-40B9-43A7-800A-B811036941FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.208:*:*:*:*:*:*:*", "matchCriteriaId": "04D960D1-7834-42C5-B357-0487F6E54198", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.216:*:*:*:*:*:*:*", "matchCriteriaId": "EEB6D1F2-7753-4526-BEF6-49E62684BF87", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.226:*:*:*:*:*:*:*", "matchCriteriaId": "A3CD33AE-B7E9-4149-B660-313A7BF1CA53", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.228:*:*:*:*:*:*:*", "matchCriteriaId": "F9ABE5A6-A576-48DA-BE6A-049272CE50E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.510:*:*:*:*:*:*:*", "matchCriteriaId": "B015ACC9-23B1-4467-AAC9-F4BB25314391", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.520:*:*:*:*:*:*:*", "matchCriteriaId": "B783B038-87A8-4684-94D9-C7682538BF85", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.522:*:*:*:*:*:*:*", "matchCriteriaId": "20FF7586-3714-4960-B69F-497727288225", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.566:*:*:*:*:*:*:*", "matchCriteriaId": "BAE41F32-2E8B-42C1-AE6C-BA75DD049CEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.578:*:*:*:*:*:*:*", "matchCriteriaId": "ADE6C797-4BC5-4922-A480-A670C1D5BB55", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.586:*:*:*:*:*:*:*", "matchCriteriaId": "EEEEEDC8-3716-49AD-BABF-C26031D70503", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.588:*:*:*:*:*:*:*", "matchCriteriaId": "E6249992-4CE2-4515-9C9F-B7A09B2650B1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura y escritura fuera de l\u00edmites en algunos productos de auriculares. Un atacante no autenticado obtiene el dispositivo f\u00edsicamente y dise\u00f1a un mensaje malformado con un par\u00e1metro espec\u00edfico y env\u00eda el mensaje a los productos afectados. Debido a una insuficiente comprobaci\u00f3n del mensaje, que puede ser explotado para causar lectura y escritura fuera de l\u00edmites"}], "id": "CVE-2020-36602", "lastModified": "2022-09-22T13:29:44.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-20T20:15:09.723", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}