HIGH🇬🇧 English

CVE-2020-9117

CVSS 7.8v3.1pub. 2020-12-01upd. 2024-11-21

HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Huawei Nova 4

    HW
    Huawei
    wszystkie wersje
  • Huawei Nova 4 Firmware

    OS
    Huawei
    < 10.0.0.165\(c01e34r2p4\)
  • Huawei Sydneym Al00

    HW
    Huawei
    wszystkie wersje
  • Huawei Sydneym Al00 Firmware

    OS
    Huawei
    < 10.0.0.165\(c00e66r1p5\)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2020-0069HIGH7.8⚠ KEVten sam produkt

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to ins...

CVE-2019-5302MEDIUM5.3ten sam produkt

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially cra...

CVE-2019-5303MEDIUM5.3ten sam produkt

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially cra...

CVE-2020-1785MEDIUM5.5ten sam produkt

Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not ...

CVE-2019-0708CRITICAL9.8⚠ KEVten sam vendor

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services wh...