CVE-2020-9241 - OpenCVE

Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	E6878-370 E6878-370 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:huawei:e6878-370_firmware:10.0.3.1\(h563sp1c00\):::::::*
	cpe:2.3:o:huawei:e6878-370_firmware:10.0.3.1\(h563sp21c233\):::::::*

cpe:2.3:h:huawei:e6878-370:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2020-08-17T15:04:50

Updated: 2024-08-04T10:19:20.129Z

Reserved: 2020-02-18T00:00:00

Link: CVE-2020-9241

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-17T16:15:14.107

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-9241

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "E6878-370", "vendor": "n/a", "versions": [{"status": "affected", "version": "10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233)"}]}], "descriptions": [{"lang": "en", "value": "Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device."}], "problemTypes": [{"descriptions": [{"description": "Improper Authorization", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-17T15:04:50", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2020-9241", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "E6878-370", "version": {"version_data": [{"version_value": "10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authorization"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:19:20.129Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2020-9241", "datePublished": "2020-08-17T15:04:50", "dateReserved": "2020-02-18T00:00:00", "dateUpdated": "2024-08-04T10:19:20.129Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e6878-370_firmware:10.0.3.1\\(h563sp1c00\\):*:*:*:*:*:*:*", "matchCriteriaId": "E527F624-8AAE-47FB-A19A-0A75BA43BFB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:e6878-370_firmware:10.0.3.1\\(h563sp21c233\\):*:*:*:*:*:*:*", "matchCriteriaId": "7793D7FE-F4FE-4BEB-8B4F-F07759A06E9F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:e6878-370:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADA263F9-F9F5-4249-A55A-748689F0271E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device."}, {"lang": "es", "value": "Huawei 5G Mobile WiFi E6878-370 con versiones de 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP21C233), presentan una vulnerabilidad de autorizaci\u00f3n inapropiada. El dispositivo no restringe determinados datos recibidos de un puerto WAN. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante en el lado de la WAN administrar determinado servicio del dispositivo."}], "id": "CVE-2020-9241", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-17T16:15:14.107", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}