{"containers": {"cna": {"affected": [{"product": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.0.0.576-fullpackage"}, {"status": "affected", "version": "1.0.0.577-fullpackage"}, {"status": "affected", "version": "1.0.0.581-fullpackage"}, {"status": "affected", "version": "1.0.0.586-fullpackage"}, {"status": "affected", "version": "1.0.0.588-fullpackage"}, {"status": "affected", "version": "1.0.0.606-fullpackage"}, {"status": "affected", "version": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"}, {"status": "affected", "version": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds Read and Write", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-20T19:42:39.000Z", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-36602", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD", "version": {"version_data": [{"version_value": "1.0.0.576-fullpackage"}, {"version_value": "1.0.0.577-fullpackage"}, {"version_value": "1.0.0.581-fullpackage"}, {"version_value": "1.0.0.586-fullpackage"}, {"version_value": "1.0.0.588-fullpackage"}, {"version_value": "1.0.0.606-fullpackage"}, {"version_value": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"}, {"version_value": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds Read and Write"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.396Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-28T16:04:35.499045Z", "id": "CVE-2020-36602", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T16:04:39.495Z"}}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-36602", "datePublished": "2022-09-20T19:42:39.000Z", "dateReserved": "2022-08-25T00:00:00.000Z", "dateUpdated": "2025-05-28T16:04:39.495Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.396Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-36602", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-28T16:04:35.499045Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T16:04:31.445Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD", "versions": [{"status": "affected", "version": "1.0.0.576-fullpackage"}, {"status": "affected", "version": "1.0.0.577-fullpackage"}, {"status": "affected", "version": "1.0.0.581-fullpackage"}, {"status": "affected", "version": "1.0.0.586-fullpackage"}, {"status": "affected", "version": "1.0.0.588-fullpackage"}, {"status": "affected", "version": "1.0.0.606-fullpackage"}, {"status": "affected", "version": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"}, {"status": "affected", "version": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"}]}], "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Out-of-bounds Read and Write"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2022-09-20T19:42:39.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.0.0.576-fullpackage"}, {"version_value": "1.0.0.577-fullpackage"}, {"version_value": "1.0.0.581-fullpackage"}, {"version_value": "1.0.0.586-fullpackage"}, {"version_value": "1.0.0.588-fullpackage"}, {"version_value": "1.0.0.606-fullpackage"}, {"version_value": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"}, {"version_value": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"}]}, "product_name": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en", "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds Read and Write"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-36602", "STATE": "PUBLIC", "ASSIGNER": "psirt@huawei.com"}}}}, "cveMetadata": {"cveId": "CVE-2020-36602", "state": "PUBLISHED", "dateUpdated": "2025-05-28T16:04:39.495Z", "dateReserved": "2022-08-25T00:00:00.000Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2022-09-20T19:42:39.000Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*", "matchCriteriaId": "4CD62EE0-E64C-4FF5-8567-2EF3A10F4C7B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D9D107-8AFF-44A8-B9BE-3122F3D9697B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*", "matchCriteriaId": "27676C44-A16B-47A6-9C11-99DC1E795AC1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "592046BB-F1E6-4296-817F-0D17A684D58E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*", "matchCriteriaId": "4EDB97DC-3A4B-454D-9DEA-AD7A5162F936", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7144AAE-03BA-4ADB-81D0-150A7449EC79", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*", "matchCriteriaId": "95422749-5574-4106-9BA8-EC87BDEE18D5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADDE004F-EBF6-4DBF-9459-5D58550CBF34", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*", "matchCriteriaId": "C5E07AE8-0C69-437B-8CC8-17061600A1B6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "191C353D-9251-4E17-A8C1-EEFB3D98943B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606:*:*:*:*:*:*:*", "matchCriteriaId": "DF6250D5-E660-4A07-8CA7-A59F54F2A488", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:606-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E00B0F4-8959-4909-858B-8EEA64330135", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F008D3C-1BBD-4A69-98D4-315B2A5D92E3", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E0EB4E34-03D0-47B1-8DC6-96EC1BECDDF0", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB459247-22A8-48AC-B97D-948CAAFCA471", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5FF84D47-BBEE-4004-AA47-E799ED2E1407", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "267931DA-5398-465B-A149-F32C4B577486", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bi-acc-report:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C285118-F357-43D6-B9FE-BE1A3E0907F2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp11\\):*:*:*:*:*:*:*", "matchCriteriaId": "F30D8A50-7540-45E0-96EB-EF1920891744", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp15\\):*:*:*:*:*:*:*", "matchCriteriaId": "BE277CBB-DF9C-4038-8D42-76CA8771A7DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp17\\):*:*:*:*:*:*:*", "matchCriteriaId": "97381235-1F6A-4EC9-A10E-43745F2EE14C", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp21\\):*:*:*:*:*:*:*", "matchCriteriaId": "E9B68556-1AAF-49C5-BFFB-637ED0228431", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp27\\):*:*:*:*:*:*:*", "matchCriteriaId": "250E3802-BC17-40A4-A9F1-9CC89204AF50", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp29\\):*:*:*:*:*:*:*", "matchCriteriaId": "8756F566-6BAD-4CAD-BE60-7555AE0A0D61", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp31\\):*:*:*:*:*:*:*", "matchCriteriaId": "8FB0B5FE-B422-4426-8856-A75A317F8A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp33\\):*:*:*:*:*:*:*", "matchCriteriaId": "48B95F08-AEFF-4E97-A7EE-04864B871D0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.106:*:*:*:*:*:*:*", "matchCriteriaId": "352B2B08-0A5D-4212-8417-38303E8CFD34", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.116:*:*:*:*:*:*:*", "matchCriteriaId": "C7D49229-664A-4042-93F2-A06C371FFCBC", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.202:*:*:*:*:*:*:*", "matchCriteriaId": "D6EA61A3-0583-4577-ACDE-583A3280E759", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.208:*:*:*:*:*:*:*", "matchCriteriaId": "C9109225-36DA-4042-A31A-94F4A75B4675", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.216:*:*:*:*:*:*:*", "matchCriteriaId": "0EEF7C64-F872-44A3-8E2C-7104F72804D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.226:*:*:*:*:*:*:*", "matchCriteriaId": "1FBA91C1-6970-4340-AA35-84A74B632618", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.228:*:*:*:*:*:*:*", "matchCriteriaId": "C9EA888A-B3A3-4F68-B7DF-0E167A02D945", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.510:*:*:*:*:*:*:*", "matchCriteriaId": "D9C3C896-6EEF-402B-AE02-9607DC6E8BD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.520:*:*:*:*:*:*:*", "matchCriteriaId": "0AD877AB-DC3C-488F-A735-298B3743CEE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.522:*:*:*:*:*:*:*", "matchCriteriaId": "73EE9A4D-AE78-4701-A111-F0B2AFFE7C89", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.566:*:*:*:*:*:*:*", "matchCriteriaId": "EB834B04-137F-4BC0-9BF8-EBABFB407ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*", "matchCriteriaId": "92F09872-A718-42A9-90B5-90B8F0E6A489", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.578:*:*:*:*:*:*:*", "matchCriteriaId": "D019742C-A909-42B4-8436-952633863308", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*", "matchCriteriaId": "ACDED3D8-B0D5-4191-B0F2-B68B9244B2FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*", "matchCriteriaId": "DD1BA004-40B9-43A7-800A-B811036941FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.208:*:*:*:*:*:*:*", "matchCriteriaId": "04D960D1-7834-42C5-B357-0487F6E54198", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.216:*:*:*:*:*:*:*", "matchCriteriaId": "EEB6D1F2-7753-4526-BEF6-49E62684BF87", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.226:*:*:*:*:*:*:*", "matchCriteriaId": "A3CD33AE-B7E9-4149-B660-313A7BF1CA53", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.228:*:*:*:*:*:*:*", "matchCriteriaId": "F9ABE5A6-A576-48DA-BE6A-049272CE50E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.510:*:*:*:*:*:*:*", "matchCriteriaId": "B015ACC9-23B1-4467-AAC9-F4BB25314391", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.520:*:*:*:*:*:*:*", "matchCriteriaId": "B783B038-87A8-4684-94D9-C7682538BF85", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.522:*:*:*:*:*:*:*", "matchCriteriaId": "20FF7586-3714-4960-B69F-497727288225", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.566:*:*:*:*:*:*:*", "matchCriteriaId": "BAE41F32-2E8B-42C1-AE6C-BA75DD049CEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.578:*:*:*:*:*:*:*", "matchCriteriaId": "ADE6C797-4BC5-4922-A480-A670C1D5BB55", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.586:*:*:*:*:*:*:*", "matchCriteriaId": "EEEEEDC8-3716-49AD-BABF-C26031D70503", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.588:*:*:*:*:*:*:*", "matchCriteriaId": "E6249992-4CE2-4515-9C9F-B7A09B2650B1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cm-h-shark-bd:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD33F24B-8D65-49B5-8AFD-A86C767346A9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura y escritura fuera de l\u00edmites en algunos productos de auriculares. Un atacante no autenticado obtiene el dispositivo f\u00edsicamente y dise\u00f1a un mensaje malformado con un par\u00e1metro espec\u00edfico y env\u00eda el mensaje a los productos afectados. Debido a una insuficiente comprobaci\u00f3n del mensaje, que puede ser explotado para causar lectura y escritura fuera de l\u00edmites"}], "id": "CVE-2020-36602", "lastModified": "2025-05-28T16:15:21.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-09-20T20:15:09.723", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}