ID

VAR-202002-0572


CVE

CVE-2020-1789


TITLE

Authentication vulnerabilities in multiple Huawei products

Trust: 0.8

sources: JVNDB: JVNDB-2020-002090

DESCRIPTION

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user is trying to perform certain operations. A successful exploit could allow an attacker to pass authentication and perform certain operations using a weak credential. Multiple Huawei products contain an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). OSCA-550AX is a 55-inch smart screen launched by Huawei's Honor brand. OSCA-550A is the first 55-inch smart screen terminal running Huawei's Hongmeng operating system, launched by Honor. The vulnerability stems from the system's failure to require users to provide authentication credentials that meet complexity requirements.

Trust: 2.16

sources: NVD: CVE-2020-1789 // JVNDB: JVNDB-2020-002090 // CNVD: CNVD-2020-36727

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-36727

AFFECTED PRODUCTS

vendor: huawei, model: osca-550, scope: eq, version: 1.0.1.21\(sp3\)

Trust: 1.0

vendor: huawei, model: osca-550a, scope: eq, version: 1.0.1.21\(sp3\)

Trust: 1.0

vendor: huawei, model: osca-550x, scope: eq, version: 1.0.1.21\(sp3\)

Trust: 1.0

vendor: huawei, model: osca-550ax, scope: eq, version: 1.0.1.21\(sp3\)

Trust: 1.0

vendor: huawei, model: osca-550, scope: eq, version: 1.0.1.21(sp3)

Trust: 0.8

vendor: huawei, model: osca-550a, scope: eq, version: 1.0.1.21(sp3)

Trust: 0.8

vendor: huawei, model: osca-550ax, scope: eq, version: 1.0.1.21(sp3)

Trust: 0.8

vendor: huawei, model: osca-550x, scope: eq, version: 1.0.1.21(sp3)

Trust: 0.8

vendor: huawei, model: osca-550 1.0.1.21, scope: -, version: -

Trust: 0.6

vendor: huawei, model: osca-550a 1.0.1.21, scope: -, version: -

Trust: 0.6

vendor: huawei, model: osca-550ax 1.0.1.21, scope: -, version: -

Trust: 0.6

vendor: huawei, model: osca-550x 1.0.1.21, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-36727 // JVNDB: JVNDB-2020-002090 // NVD: CVE-2020-1789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1789
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002090
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-36727
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-938
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1789
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002090
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-36727
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1789
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002090
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-36727 // JVNDB: JVNDB-2020-002090 // CNNVD: CNNVD-202001-938 // NVD: CVE-2020-1789

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2020-002090 // NVD: CVE-2020-1789

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-938

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002090

PATCH

title: huawei-sa-20200121-01-osca, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en

Trust: 0.8

title: Patch for insufficient authentication vulnerabilities in multiple Huawei products, url: https://www.cnvd.org.cn/patchInfo/show/224775

Trust: 0.6

title: Multiple Huawei Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110176

Trust: 0.6

sources: CNVD: CNVD-2020-36727 // JVNDB: JVNDB-2020-002090 // CNNVD: CNNVD-202001-938

EXTERNAL IDS

db: NVD, id: CVE-2020-1789

Trust: 3.0

db: JVNDB, id: JVNDB-2020-002090

Trust: 0.8

db: CNVD, id: CNVD-2020-36727

Trust: 0.6

db: CNNVD, id: CNNVD-202001-938

Trust: 0.6

sources: CNVD: CNVD-2020-36727 // JVNDB: JVNDB-2020-002090 // CNNVD: CNNVD-202001-938 // NVD: CVE-2020-1789

REFERENCES

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en

Trust: 2.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1789

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-1789

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200121-01-osca-cn

Trust: 0.6

sources: CNVD: CNVD-2020-36727 // JVNDB: JVNDB-2020-002090 // CNNVD: CNNVD-202001-938 // NVD: CVE-2020-1789

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-202001-938

SOURCES

db: CNVD, id: CNVD-2020-36727
db: JVNDB, id: JVNDB-2020-002090
db: CNNVD, id: CNNVD-202001-938
db: NVD, id: CVE-2020-1789

LAST UPDATE DATE

2024-11-23T22:37:33.090000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-36727, date: 2020-07-07T00:00:00
db: JVNDB, id: JVNDB-2020-002090, date: 2020-03-04T00:00:00
db: CNNVD, id: CNNVD-202001-938, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-1789, date: 2024-11-21T05:11:23.067

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-36727, date: 2020-07-07T00:00:00
db: JVNDB, id: JVNDB-2020-002090, date: 2020-03-04T00:00:00
db: CNNVD, id: CNNVD-202001-938, date: 2020-01-21T00:00:00
db: NVD, id: CVE-2020-1789, date: 2020-02-18T03:15:10.937