Sign-up

ID

VAR-202002-0602


CVE

CVE-2020-1843


TITLE

plural Huawei Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-002083

DESCRIPTION

Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation. plural Huawei The product contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. OSCA-550AX is a 55-inch smart screen launched by Huawei's glory brand. OSCA-550A is the first 55-inch terminal smart screen using Huawei Hongmeng operating system launched by Honor. There are security holes in many Huawei products

Trust: 2.16

sources: NVD: CVE-2020-1843 // JVNDB: JVNDB-2020-002083 // CNVD: CNVD-2020-36729

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-36729

AFFECTED PRODUCTS

vendor:huaweimodel:osca-550ascope:eqversion:1.0.0.71\(sp1\)

Trust: 1.0

vendor:huaweimodel:osca-550scope:eqversion:1.0.0.71\(sp1\)

Trust: 1.0

vendor:huaweimodel:hege-560scope:eqversion:1.0.1.20\(sp2\)

Trust: 1.0

vendor:huaweimodel:osca-550xscope:eqversion:1.0.0.71\(sp2\)

Trust: 1.0

vendor:huaweimodel:osca-550axscope:eqversion:1.0.0.71\(sp2\)

Trust: 1.0

vendor:huaweimodel:hege-560scope:eqversion:1.0.1.20(sp2)

Trust: 0.8

vendor:huaweimodel:osca-550scope:eqversion:1.0.0.71(sp1)

Trust: 0.8

vendor:huaweimodel:osca-550ascope:eqversion:1.0.0.71(sp1)

Trust: 0.8

vendor:huaweimodel:osca-550axscope:eqversion:1.0.0.71(sp2)

Trust: 0.8

vendor:huaweimodel:osca-550xscope:eqversion:1.0.0.71(sp2)

Trust: 0.8

vendor:huaweimodel:hege-560 1.0.1.20scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550 1.0.0.71scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550a 1.0.0.71scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550ax 1.0.0.71scope: - version: -

Trust: 0.6

vendor:huaweimodel:osca-550x 1.0.0.71scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-36729 // JVNDB: JVNDB-2020-002083 // NVD: CVE-2020-1843

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1843
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002083
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-36729
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-1458
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1843
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002083
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-36729
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1843
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002083
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-36729 // JVNDB: JVNDB-2020-002083 // CNNVD: CNNVD-202001-1458 // NVD: CVE-2020-1843

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2020-002083 // NVD: CVE-2020-1843

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1458

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002083

PATCH
title:huawei-sa-20200122-02-oscaurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en
Trust: 0.8
title:Patch for Multiple Huawei products have insufficient verification vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/224753
Trust: 0.6
title:Multiple Huawei Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110205
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-36729 // 
            
            
            
            JVNDB: JVNDB-2020-002083 // 
            
            
            
            CNNVD: CNNVD-202001-1458

EXTERNAL IDS
db:NVDid:CVE-2020-1843
Trust: 3.0
db:JVNDBid:JVNDB-2020-002083
Trust: 0.8
db:CNVDid:CNVD-2020-36729
Trust: 0.6
db:CNNVDid:CNNVD-202001-1458
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-36729 // 
            
            
            
            JVNDB: JVNDB-2020-002083 // 
            
            
            
            CNNVD: CNNVD-202001-1458 // 
            
            
            
            NVD: CVE-2020-1843

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-02-osca-en
Trust: 2.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1843
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-1843
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200122-02-osca-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-36729 // 
            
            
            
            JVNDB: JVNDB-2020-002083 // 
            
            
            
            CNNVD: CNNVD-202001-1458 // 
            
            
            
            NVD: CVE-2020-1843

SOURCES
db:CNVDid:CNVD-2020-36729
db:JVNDBid:JVNDB-2020-002083
db:CNNVDid:CNNVD-202001-1458
db:NVDid:CVE-2020-1843

LAST UPDATE DATE
2024-11-23T21:51:40.190000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-36729date:2020-07-07T00:00:00
db:JVNDBid:JVNDB-2020-002083date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-1458date:2021-08-16T00:00:00
db:NVDid:CVE-2020-1843date:2024-11-21T05:11:28.697

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-36729date:2020-07-07T00:00:00
db:JVNDBid:JVNDB-2020-002083date:2020-03-04T00:00:00
db:CNNVDid:CNNVD-202001-1458date:2020-01-22T00:00:00
db:NVDid:CVE-2020-1843date:2020-02-18T03:15:11.217