Buffer Error Vulnerability in Huawei Products
CVE-2020-9086

4.3MEDIUM

Key Information:

Vendor: Huawei
Status: Huawei 4g Router B612
Vendor: CVE Published:; 27 December 2024

Summary

A significant buffer error vulnerability exists in a range of Huawei products, which can be exploited by unauthenticated attackers. The issue arises from inadequate input validation, allowing attackers to send specially crafted Universal Plug and Play (UPNP) messages to the affected devices. If successfully exploited, this vulnerability may disrupt services, affecting the normal operations of the impacted devices. Users of Huawei products are advised to remain vigilant and apply any security patches provided by the manufacturer to mitigate potential risks.

Affected Version(s)

HUAWEI 4G Router B612 B612s-25dTCPU-V100R001B192D03SP00C234

HUAWEI 4G Router B612 B612s-25dTCPU-V100R001B192D03SP00C287

HUAWEI 4G Router B612 B612s-25dTCPU-V100R001B192D05SP00C00

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2024
Vulnerability Reserved
Feb 18, 2020