CVE-2020-1837

ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition.

CVSS v3 5.3 MEDIUM
CVSS v2.0 2.9 LOW

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.9^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200624-01-dos-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:changxiang_8_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:changxiang_8_plus:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-06 18:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-1837

Mitre link : CVE-2020-1837

CVE.ORG link : CVE-2020-1837

JSON object : View

Products Affected

huawei

changxiang_8_plus_firmware
changxiang_8_plus

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-1837", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2020-07-06T18:15:20.403", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200624-01-dos-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition."}, {"lang": "es", "value": "ChangXiang 8 Plus con versiones anteriores a 9.1.0.136(C00E121R1P6T8), presenta una vulnerabilidad de denegaci\u00f3n de servicio. El dispositivo no maneja apropiadamente determinados mensajes de una estaci\u00f3n base, un atacante podr\u00eda dise\u00f1ar una estaci\u00f3n base falsa para iniciar el ataque. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar una condici\u00f3n de denegaci\u00f3n de servicio de se\u00f1al"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:changxiang_8_plus_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BB80081-C4C8-453E-BD15-27491374116C", "versionEndExcluding": "9.1.0.136\\(c00e121r1p6t8\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:changxiang_8_plus:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ED01DFA5-3411-4D0D-B41D-9D6E3AD620FB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@huawei.com"}