Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-9247

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

Published

2020-12-07T13:15:11.123

Last Modified

2024-11-21T05:40:15.980

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-120
Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	honor_20_pro_firmware	< 10.1.0.230\(c432e9r5p1\)	Yes
Hardware	huawei	honor_20_pro	-	No
Operating System	huawei	mate_20_firmware	< 10.1.0.160\(c00e160r3p8\)	Yes
Hardware	huawei	mate_20	-	No
Operating System	huawei	mate_20_pro_firmware	< 10.1.0.270\(c432e7r1p5\)	Yes
Hardware	huawei	mate_20_pro	-	No
Operating System	huawei	mate_20_x_firmware	< 10.1.0.160\(c00e160r2p8\)	Yes
Hardware	huawei	mate_20_x	-	No
Operating System	huawei	p30_firmware	9.1.0.272\(c635e4r2p2\)	Yes
Hardware	huawei	p30	-	No
Operating System	huawei	p30_pro_firmware	< 10.1.0.160\(c00e160r2p8\)	Yes
Hardware	huawei	p30_pro	-	No
Operating System	huawei	hima-l29c_firmware	< 10.1.0.273\(c185e5r2p4\)	Yes
Hardware	huawei	hima-l29c	-	No
Operating System	huawei	laya-al00ep_firmware	< 10.1.0.160\(c786e160r3p8\)	Yes
Hardware	huawei	laya-al00ep	-	No
Operating System	huawei	princeton-al10b_firmware	< 10.1.0.160\(c00e160r2p11\)	Yes
Hardware	huawei	princeton-al10b	-	No
Operating System	huawei	tony-al00b_firmware	< 10.1.0.160\(c00e160r2p11\)	Yes
Hardware	huawei	tony-al00b	-	No
Operating System	huawei	yale-l61a_firmware	< 10.1.0.225\(c432e3r1p2\)	Yes
Hardware	huawei	yale-l61a	-	No
Operating System	huawei	yale-tl00b_firmware	< 10.1.0.160\(c01e160r8p12\)	Yes
Hardware	huawei	yale-tl00b	-	No
Operating System	huawei	yalep-al10b_firmware	< 10.1.0.160\(c00e160r8p12\)	Yes
Hardware	huawei	yalep-al10b	-	No
Operating System	huawei	honor_20_pro_firmware	< 10.1.0.231\(c10e3r3p2\)	Yes
Hardware	huawei	honor_20_pro	-	No
Operating System	huawei	mate_20_pro_firmware	< 10.1.0.270\(c635e3r1p5\)	Yes
Hardware	huawei	mate_20_pro	-	No
Operating System	huawei	mate_20_pro_firmware	< 10.1.0.273\(c185e7r2p4\)	Yes
Hardware	huawei	mate_20_pro	-	No
Operating System	huawei	mate_20_pro_firmware	< 10.1.0.273\(c636e7r2p4\)	Yes
Hardware	huawei	mate_20_pro	-	No
Operating System	huawei	mate_20_pro_firmware	< 10.1.0.277\(c10e7r2p4\)	Yes
Hardware	huawei	mate_20_pro	-	No
Operating System	huawei	mate_20_pro_firmware	< 10.1.0.277\(c605e7r1p5\)	Yes
Hardware	huawei	mate_20_pro	-	No
Operating System	huawei	p30_firmware	< 10.1.0.123\(c432e22r2p5\)	Yes
Hardware	huawei	p30	-	No
Operating System	huawei	p30_firmware	< 10.1.0.126\(c10e7r5p1\)	Yes
Hardware	huawei	p30	-	No
Operating System	huawei	p30_firmware	< 10.1.0.126\(c185e4r7p1\)	Yes
Hardware	huawei	p30	-	No
Operating System	huawei	p30_firmware	< 10.1.0.126\(c605e19r1p3\)	Yes
Hardware	huawei	p30	-	No
Operating System	huawei	p30_firmware	< 10.1.0.126\(c636e5r3p4\)	Yes
Hardware	huawei	p30	-	No
Operating System	huawei	p30_firmware	< 10.1.0.126\(c636e7r3p4\)	Yes
Hardware	huawei	p30	-	No
Operating System	huawei	hima-l29c_firmware	< 10.1.0.273\(c636e5r2p4\)	Yes
Hardware	huawei	hima-l29c	-	No
Operating System	huawei	hima-l29c_firmware	< 10.1.0.275\(c10e4r2p4\)	Yes
Hardware	huawei	hima-l29c	-	No
Operating System	huawei	yale-l61a_firmware	< 10.1.0.226\(c10e3r1p1\)	Yes
Hardware	huawei	yale-l61a	-	No

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)