Details of VAR-202008-1260

ID

VAR-202008-1260

CVE

CVE-2020-9085

TITLE

Huawei of HUAWEI 4G Router B612 in the firmware NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-018352

DESCRIPTION

There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085. Huawei of HUAWEI 4G Router B612 The firmware has NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Huawei 4G Router B612 is a 4G router device. Huawei 4G Router B612 has a null pointer reference vulnerability in processing message parameters, allowing remote attackers to use the vulnerability to submit special requests, which can crash the application and cause a denial of service attack

Trust: 2.16

sources: NVD: CVE-2020-9085 // JVNDB: JVNDB-2020-018352 // CNVD: CNVD-2020-52404

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-52404

AFFECTED PRODUCTS

vendor:	huawei	model:	b612	scope:	eq	version:	b612s-25dtcpu-v100r001b192d03sp00c234	Trust: 1.0
vendor:	huawei	model:	b612	scope:	eq	version:	b612s-25dtcpu-v100r001b192d03sp00c287	Trust: 1.0
vendor:	huawei	model:	b612	scope:	eq	version:	b612s-25dtcpu-v100r001b192d05sp00c00	Trust: 1.0
vendor:	huawei	model:	4g router b612	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	4g router b612	scope:	eq	version:	huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d03sp00c287	Trust: 0.8
vendor:	huawei	model:	4g router b612	scope:	eq	version:	huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d03sp00c234	Trust: 0.8
vendor:	huawei	model:	4g router b612	scope:	eq	version:	huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d05sp00c00	Trust: 0.8
vendor:	huawei	model:	4g router b612	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	4g router b612 b612s-25dtcpu-v100r001b192d03sp00c234	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	4g router b612 b612s-25dtcpu-v100r001b192d03sp00c287	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	4g router b612 b612s-25dtcpu-v100r001b192d05sp00c00	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-52404 // JVNDB: JVNDB-2020-018352 // NVD: CVE-2020-9085

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com:	CVE-2020-9085
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2020-9085
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9085
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-52404
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202008-1306
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2020-52404
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@huawei.com:	CVE-2020-9085
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2020-9085
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-52404 // JVNDB: JVNDB-2020-018352 // CNNVD: CNNVD-202008-1306 // NVD: CVE-2020-9085 // NVD: CVE-2020-9085

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8
problemtype:	NULL Pointer dereference (CWE-476) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-018352 // NVD: CVE-2020-9085

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1306

PATCH

title:	Patch for Huawei 4G Router B612 message processing denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/234331	Trust: 0.6
title:	Huawei 4G Router B612 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126942	Trust: 0.6

sources: CNVD: CNVD-2020-52404 // CNNVD: CNNVD-202008-1306

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9085	Trust: 3.8
db:	JVNDB	id:	JVNDB-2020-018352	Trust: 0.8
db:	CNVD	id:	CNVD-2020-52404	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-1306	Trust: 0.6

sources: CNVD: CNVD-2020-52404 // JVNDB: JVNDB-2020-018352 // CNNVD: CNNVD-202008-1306 // NVD: CVE-2020-9085

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9085	Trust: 0.8
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200826-01-pointer_cn	Trust: 0.6

sources: CNVD: CNVD-2020-52404 // JVNDB: JVNDB-2020-018352 // CNNVD: CNNVD-202008-1306 // NVD: CVE-2020-9085

SOURCES

db:	CNVD	id:	CNVD-2020-52404
db:	JVNDB	id:	JVNDB-2020-018352
db:	CNNVD	id:	CNNVD-202008-1306
db:	NVD	id:	CVE-2020-9085

LAST UPDATE DATE

2025-01-18T23:14:46.370000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-52404	date:	2020-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-018352	date:	2025-01-16T07:10:00
db:	CNNVD	id:	CNNVD-202008-1306	date:	2021-07-13T00:00:00
db:	NVD	id:	CVE-2020-9085	date:	2025-01-13T19:35:55.387

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-52404	date:	2020-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-018352	date:	2025-01-16T00:00:00
db:	CNNVD	id:	CNNVD-202008-1306	date:	2020-08-26T00:00:00
db:	NVD	id:	CVE-2020-9085	date:	2024-12-27T10:15:12.217