There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | AR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;AR510;NetEngine16EX;SRG1300;SRG2300;SRG3300 | affected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
Configuration 16 [-]
| AND |
|
Configuration 17 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Huawei
Subscribe
|
Ar120-s
Subscribe
Ar120-s Firmware
Subscribe
Ar1200
Subscribe
Ar1200-s
Subscribe
Ar1200-s Firmware
Subscribe
Ar1200 Firmware
Subscribe
Ar150
Subscribe
Ar150-s
Subscribe
Ar150-s Firmware
Subscribe
Ar150 Firmware
Subscribe
Ar160
Subscribe
Ar160 Firmware
Subscribe
Ar200
Subscribe
Ar200-s
Subscribe
Ar200-s Firmware
Subscribe
Ar200 Firmware
Subscribe
Ar2200
Subscribe
Ar2200-s
Subscribe
Ar2200-s Firmware
Subscribe
Ar2200 Firmware
Subscribe
Ar3200
Subscribe
Ar3200 Firmware
Subscribe
Ar3600
Subscribe
Ar3600 Firmware
Subscribe
Ar510
Subscribe
Ar510 Firmware
Subscribe
Netengine16ex
Subscribe
Netengine16ex Firmware
Subscribe
Srg1300
Subscribe
Srg1300 Firmware
Subscribe
Srg2300
Subscribe
Srg2300 Firmware
Subscribe
Srg3300
Subscribe
Srg3300 Firmware
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2020-29900 | There is a few bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain message, an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. Successful exploit may cause service abnormal in specific scenario.Affected product versions include:AR120-S versions V200R007C00SPC900,V200R007C00SPCa00 |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: huawei
Published:
Updated: 2024-08-04T10:19:19.924Z
Reserved: 2020-02-18T00:00:00
Link: CVE-2020-9071
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-01T15:15:14.840
Modified: 2024-11-21T05:39:58.290
Link: CVE-2020-9071
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses