HIGH🇬🇧 English

CVE-2020-9247

CVSS 7.8v3.1pub. 2020-12-07upd. 2024-11-21

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Huawei Hima L29c

    HW
    Huawei
    wszystkie wersje
  • Huawei Hima L29c Firmware

    OS
    Huawei
    < 10.1.0.273\(c636e5r2p4\)< 10.1.0.275\(c10e4r2p4\)< 10.1.0.273\(c185e5r2p4\)
  • Huawei Honor 20 Pro

    HW
    Huawei
    wszystkie wersje
  • Huawei Honor 20 Pro Firmware

    OS
    Huawei
    < 10.1.0.231\(c10e3r3p2\)< 10.1.0.230\(c432e9r5p1\)
  • Huawei Laya Al00ep

    HW
    Huawei
    wszystkie wersje
  • Huawei Laya Al00ep Firmware

    OS
    Huawei
    < 10.1.0.160\(c786e160r3p8\)
  • Huawei Mate 20

    HW
    Huawei
    wszystkie wersje
  • Huawei Mate 20 Firmware

    OS
    Huawei
    < 10.1.0.160\(c00e160r3p8\)
  • Huawei Mate 20 Pro

    HW
    Huawei
    wszystkie wersje
  • Huawei Mate 20 Pro Firmware

    OS
    Huawei
    < 10.1.0.270\(c635e3r1p5\)< 10.1.0.270\(c432e7r1p5\)< 10.1.0.277\(c605e7r1p5\)< 10.1.0.277\(c10e7r2p4\)< 10.1.0.273\(c636e7r2p4\)< 10.1.0.273\(c185e7r2p4\)
  • Huawei Mate 20 X

    HW
    Huawei
    wszystkie wersje
  • Huawei Mate 20 X Firmware

    OS
    Huawei
    < 10.1.0.160\(c00e160r2p8\)
  • Huawei P30

    HW
    Huawei
    wszystkie wersje
  • Huawei P30 Firmware

    OS
    Huawei
    9.1.0.272\(c635e4r2p2\)< 10.1.0.126\(c605e19r1p3\)< 10.1.0.123\(c432e22r2p5\)< 10.1.0.126\(c10e7r5p1\)< 10.1.0.126\(c185e4r7p1\)< 10.1.0.126\(c636e5r3p4\)< 10.1.0.126\(c636e7r3p4\)
  • Huawei P30 Pro

    HW
    Huawei
    wszystkie wersje
  • Huawei P30 Pro Firmware

    OS
    Huawei
    < 10.1.0.160\(c00e160r2p8\)
  • Huawei Princeton Al10b

    HW
    Huawei
    wszystkie wersje
  • Huawei Princeton Al10b Firmware

    OS
    Huawei
    < 10.1.0.160\(c00e160r2p11\)
  • Huawei Tony Al00b

    HW
    Huawei
    wszystkie wersje
  • Huawei Tony Al00b Firmware

    OS
    Huawei
    < 10.1.0.160\(c00e160r2p11\)
  • Huawei Yale L61a

    HW
    Huawei
    wszystkie wersje
  • Huawei Yale L61a Firmware

    OS
    Huawei
    < 10.1.0.226\(c10e3r1p1\)< 10.1.0.225\(c432e3r1p2\)
  • Huawei Yalep Al10b

    HW
    Huawei
    wszystkie wersje
  • Huawei Yalep Al10b Firmware

    OS
    Huawei
    < 10.1.0.160\(c00e160r8p12\)
  • Huawei Yale Tl00b

    HW
    Huawei
    wszystkie wersje
  • Huawei Yale Tl00b Firmware

    OS
    Huawei
    < 10.1.0.160\(c01e160r8p12\)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2020-0069HIGH7.8⚠ KEVten sam produkt

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to ins...

CVE-2020-9080HIGH7.8ten sam produkt

There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated ...

CVE-2021-22331HIGH7.5ten sam produkt

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inp...

CVE-2020-9223HIGH7.5ten sam produkt

There is a denial of service vulnerability in some Huawei smartphones. Due to the improper processing of recei...

CVE-2020-9113HIGH8.0ten sam produkt

HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Blueto...