Vulnerability Details CVE-2020-9117
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
Products affected by CVE-2020-9117
-
cpe:2.3:h:huawei:nova_4:-
-
cpe:2.3:h:huawei:sydneym-al00:-
-
cpe:2.3:o:huawei:nova_4_firmware:-
-
cpe:2.3:o:huawei:nova_4_firmware:10.0.0.160(c01e32r2p4)
-
cpe:2.3:o:huawei:nova_4_firmware:9.1.0.225(c636e1r4p1)
-
cpe:2.3:o:huawei:sydneym-al00_firmware:-
-
cpe:2.3:o:huawei:sydneym-al00_firmware:10.0.0.159(c00e64r1p5)
-
cpe:2.3:o:huawei:sydneym-al00_firmware:9.1.0.212(c00e62r1p7t8)
-
cpe:2.3:o:huawei:sydneym-al00_firmware:9.1.0.228(c00e78r1p7t8)