Details of VAR-202004-0997

ID

VAR-202004-0997

CVE

CVE-2020-1880

TITLE

Huawei smartphone Lion-AL00C Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004656

DESCRIPTION

Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal. Huawei smartphone Lion-AL00C There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Huawei Lion-AL00C is a smart phone of China's Huawei company. The vulnerability stems from the program's inability to fully verify a field

Trust: 2.25

sources: NVD: CVE-2020-1880 // JVNDB: JVNDB-2020-004656 // CNVD: CNVD-2020-27118 // VULMON: CVE-2020-1880

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-27118

AFFECTED PRODUCTS

vendor:	huawei	model:	lion-al00c	scope:	lt	version:	10.0.0.205\(c00e202r7p2\)	Trust: 1.0
vendor:	huawei	model:	lion-al00c	scope:	eq	version:	10.0.0.205(c00e202r7p2)	Trust: 0.8
vendor:	huawei	model:	lion-al00c <10.0.0.205	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	lion-al00c	scope:	eq	version:	-	Trust: 0.1

sources: CNVD: CNVD-2020-27118 // VULMON: CVE-2020-1880 // JVNDB: JVNDB-2020-004656 // NVD: CVE-2020-1880

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1880
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-004656
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-27118
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-2192
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-1880
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-1880
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-004656
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-27118
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-1880
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004656
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-27118 // VULMON: CVE-2020-1880 // JVNDB: JVNDB-2020-004656 // CNNVD: CNNVD-202004-2192 // NVD: CVE-2020-1880

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-004656 // NVD: CVE-2020-1880

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-2192

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-2192

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004656

PATCH

title:	huawei-sa-20200415-02-dos	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en	Trust: 0.8
title:	Patch for Huawei Lion-AL00C input verification error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/216767	Trust: 0.6
title:	Huawei Lion-AL00C Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117713	Trust: 0.6

sources: CNVD: CNVD-2020-27118 // JVNDB: JVNDB-2020-004656 // CNNVD: CNNVD-202004-2192

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1880	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-004656	Trust: 0.8
db:	CNVD	id:	CNVD-2020-27118	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-2192	Trust: 0.6
db:	VULMON	id:	CVE-2020-1880	Trust: 0.1

sources: CNVD: CNVD-2020-27118 // VULMON: CVE-2020-1880 // JVNDB: JVNDB-2020-004656 // CNNVD: CNNVD-202004-2192 // NVD: CVE-2020-1880

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-1880	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200415-02-dos-en	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1880	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-27118 // VULMON: CVE-2020-1880 // JVNDB: JVNDB-2020-004656 // CNNVD: CNNVD-202004-2192 // NVD: CVE-2020-1880

SOURCES

db:	CNVD	id:	CNVD-2020-27118
db:	VULMON	id:	CVE-2020-1880
db:	JVNDB	id:	JVNDB-2020-004656
db:	CNNVD	id:	CNNVD-202004-2192
db:	NVD	id:	CVE-2020-1880

LAST UPDATE DATE

2024-11-23T22:41:07.065000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-27118	date:	2020-05-21T00:00:00
db:	VULMON	id:	CVE-2020-1880	date:	2020-04-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-004656	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2192	date:	2020-05-06T00:00:00
db:	NVD	id:	CVE-2020-1880	date:	2024-11-21T05:11:32.137

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-27118	date:	2020-05-08T00:00:00
db:	VULMON	id:	CVE-2020-1880	date:	2020-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2020-004656	date:	2020-05-25T00:00:00
db:	CNNVD	id:	CNNVD-202004-2192	date:	2020-04-27T00:00:00
db:	NVD	id:	CVE-2020-1880	date:	2020-04-27T16:15:12.803