CVE-2020-9122

Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-verification-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:hirouter-cd30-10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:hirouter-cd30-10:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:hirouter-ct31-10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:hirouter-ct31-10:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:ws5200-12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ws5200-12:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:ws5281-10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ws5281-10:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:huawei:ws5800-10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ws5800-10:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:huawei:ws7100-10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ws7100-10:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:huawei:ws7200-10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ws7200-10:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-12 14:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-9122

Mitre link : CVE-2020-9122

CVE.ORG link : CVE-2020-9122

JSON object : View

Products Affected

huawei

ws5281-10
hirouter-ct31-10
ws5200-12
ws7100-10
hirouter-ct31-10_firmware
ws5800-10
ws7100-10_firmware
ws5200-12_firmware
ws7200-10
hirouter-cd30-10_firmware
hirouter-cd30-10
ws5281-10_firmware
ws5800-10_firmware
ws7200-10_firmware

CWE

CWE-20

Improper Input Validation

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-9122

6.5^/10

3.3^/10

Attach tags to `CVE-2020-9122`