Details of VAR-202008-1265

ID

VAR-202008-1265

CVE

CVE-2020-9086

TITLE

Huawei of HUAWEI 4G Router B612 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-018350

DESCRIPTION

There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086. Huawei of HUAWEI 4G Router B612 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Huawei 4G Router B612 is an LTE router product of China's Huawei (Huawei) company. The product can use 4G network as a shared hotspot. Huawei 4G Router B612 has security vulnerabilities. The vulnerability stems from the program not validating the input correctly

Trust: 2.16

sources: NVD: CVE-2020-9086 // JVNDB: JVNDB-2020-018350 // CNVD: CNVD-2021-01059

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-01059

AFFECTED PRODUCTS

vendor:	huawei	model:	b612	scope:	eq	version:	b612s-25dtcpu-v100r001b192d03sp00c234	Trust: 1.0
vendor:	huawei	model:	b612	scope:	eq	version:	b612s-25dtcpu-v100r001b192d03sp00c287	Trust: 1.0
vendor:	huawei	model:	b612	scope:	eq	version:	b612s-25dtcpu-v100r001b192d05sp00c00	Trust: 1.0
vendor:	huawei	model:	4g router b612	scope:	eq	version:	huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d03sp00c234	Trust: 0.8
vendor:	huawei	model:	4g router b612	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	4g router b612	scope:	eq	version:	huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d03sp00c287	Trust: 0.8
vendor:	huawei	model:	4g router b612	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	4g router b612	scope:	eq	version:	huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d05sp00c00	Trust: 0.8
vendor:	huawei	model:	4g router b612 b612s-25dtcpu-v100r001b192d03sp00c287	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	4g router b612 b612s-25dtcpu-v100r001b192d05sp00c00	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	4g router b612 b612s-25dtcpu-v100r001b192d03sp00c234	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-01059 // JVNDB: JVNDB-2020-018350 // NVD: CVE-2020-9086

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com:	CVE-2020-9086
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2020-9086
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9086
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-01059
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202008-1268
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2021-01059
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@huawei.com:	CVE-2020-9086
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2020-9086
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-01059 // JVNDB: JVNDB-2020-018350 // CNNVD: CNNVD-202008-1268 // NVD: CVE-2020-9086 // NVD: CVE-2020-9086

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-124	Trust: 1.0
problemtype:	buffer underflow (CWE-124) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-018350 // NVD: CVE-2020-9086

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1268

PATCH

title:	Patch for Huawei 4G Router B612 Null Pointer Dereference Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/243367	Trust: 0.6
title:	Repair measures for Huawei related security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126912	Trust: 0.6

sources: CNVD: CNVD-2021-01059 // CNNVD: CNNVD-202008-1268

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9086	Trust: 3.8
db:	JVNDB	id:	JVNDB-2020-018350	Trust: 0.8
db:	CNVD	id:	CNVD-2021-01059	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-1268	Trust: 0.6

sources: CNVD: CNVD-2021-01059 // JVNDB: JVNDB-2020-018350 // CNNVD: CNNVD-202008-1268 // NVD: CVE-2020-9086

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9086	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200826-01-buffer_cn	Trust: 0.6

sources: CNVD: CNVD-2021-01059 // JVNDB: JVNDB-2020-018350 // CNNVD: CNNVD-202008-1268 // NVD: CVE-2020-9086

SOURCES

db:	CNVD	id:	CNVD-2021-01059
db:	JVNDB	id:	JVNDB-2020-018350
db:	CNNVD	id:	CNNVD-202008-1268
db:	NVD	id:	CVE-2020-9086

LAST UPDATE DATE

2025-01-16T23:12:01.756000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-01059	date:	2021-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-018350	date:	2025-01-15T06:41:00
db:	CNNVD	id:	CNNVD-202008-1268	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-9086	date:	2025-01-13T19:34:15.140

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-01059	date:	2021-01-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-018350	date:	2025-01-15T00:00:00
db:	CNNVD	id:	CNNVD-202008-1268	date:	2020-08-26T00:00:00
db:	NVD	id:	CVE-2020-9086	date:	2024-12-27T10:15:12.800