Insufficient Integrity Validation in OSCA Devices by Huawei
CVE-2020-1802

4.6MEDIUM

Key Information:

Vendor: Huawei
Status: Osca-550;osca-550a;osca-550ax;osca-550x
Vendor: CVE Published:; 10 April 2020

Summary

An insufficient integrity validation issue exists in multiple Huawei OSCA devices. This vulnerability allows attackers to exploit the device by loading malicious files via USB due to inadequate verification during the loading process. Successful exploitation can compromise device integrity and security, emphasizing the need for users to update to secure versions.

Affected Version(s)

OSCA-550;OSCA-550A;OSCA-550AX;OSCA-550X 1.0.1.23(SP2)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2020
Vulnerability Reserved
Nov 29, 2019