Sign-up

ID

VAR-202412-3262


CVE

CVE-2020-9253


TITLE

Huawei  of  Lion-AL00C  Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2020-018353

DESCRIPTION

There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253. Huawei of Lion-AL00C An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Huawei Lion-AL00C is a smartphone from Huawei, a Chinese company

Trust: 2.16

sources: NVD: CVE-2020-9253 // JVNDB: JVNDB-2020-018353 // CNVD: CNVD-2025-02254

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02254

AFFECTED PRODUCTS

vendor:huaweimodel:lion-al00cscope:ltversion:10.1.0.150\(c00e136r5p3\)

Trust: 1.0

vendor:huaweimodel:lion-al00cscope:eqversion:lion-al00c firmware 10.1.0.150(c00e136r5p3)

Trust: 0.8

vendor:huaweimodel:lion-al00cscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:lion-al00cscope: - version: -

Trust: 0.8

vendor:huaweimodel:lion-al00c <=10.1.0.150scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-02254 // JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@huawei.com: CVE-2020-9253
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2020-9253
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9253
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-02254
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-02254
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

psirt@huawei.com: CVE-2020-9253
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2020-9253
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-9253
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02254 // JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253 // NVD: CVE-2020-9253

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253

PATCH

title:Patch for Huawei Lion-AL00C Stack Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/652976

Trust: 0.6

sources: CNVD: CNVD-2025-02254

EXTERNAL IDS

db:NVDid:CVE-2020-9253

Trust: 3.2

db:JVNDBid:JVNDB-2020-018353

Trust: 0.8

db:CNVDid:CNVD-2025-02254

Trust: 0.6

sources: CNVD: CNVD-2025-02254 // JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-08-smartphone-en

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-9253

Trust: 0.8

sources: CNVD: CNVD-2025-02254 // JVNDB: JVNDB-2020-018353 // NVD: CVE-2020-9253

SOURCES

db:CNVDid:CNVD-2025-02254
db:JVNDBid:JVNDB-2020-018353
db:NVDid:CVE-2020-9253

LAST UPDATE DATE

2025-01-25T22:52:57.953000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-02254date:2025-01-23T00:00:00
db:JVNDBid:JVNDB-2020-018353date:2025-01-16T07:11:00
db:NVDid:CVE-2020-9253date:2025-01-13T19:38:19.563

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-02254date:2025-01-24T00:00:00
db:JVNDBid:JVNDB-2020-018353date:2025-01-16T00:00:00
db:NVDid:CVE-2020-9253date:2024-12-27T10:15:16.610