Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for cm-h-shark-bd_firmware by huawei

    CVE-2020-36602 (GCVE-0-2020-36602)

    Vulnerability from nvd – Published: 2022-09-20 19:42 – Updated: 2025-05-28 16:04
    VLAI
    Summary
    There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds Read and Write
    • CWE-125 - Out-of-bounds Read
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a 576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD Affected: 1.0.0.576-fullpackage
    Affected: 1.0.0.577-fullpackage
    Affected: 1.0.0.581-fullpackage
    Affected: 1.0.0.586-fullpackage
    Affected: 1.0.0.588-fullpackage
    Affected: 1.0.0.606-fullpackage
    Affected: 1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5
    Affected: 1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:30:08.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36602",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T16:04:35.499045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T16:04:39.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.576-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.577-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.581-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.586-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.588-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.606-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds Read and Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-20T19:42:39.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2020-36602",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0.576-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.577-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.581-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.586-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.588-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.606-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
                              },
                              {
                                "version_value": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read and Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2020-36602",
        "datePublished": "2022-09-20T19:42:39.000Z",
        "dateReserved": "2022-08-25T00:00:00.000Z",
        "dateUpdated": "2025-05-28T16:04:39.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36602 (GCVE-0-2020-36602)

    Vulnerability from cvelistv5 – Published: 2022-09-20 19:42 – Updated: 2025-05-28 16:04
    VLAI
    Summary
    There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bounds Read and Write
    • CWE-125 - Out-of-bounds Read
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a 576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD Affected: 1.0.0.576-fullpackage
    Affected: 1.0.0.577-fullpackage
    Affected: 1.0.0.581-fullpackage
    Affected: 1.0.0.586-fullpackage
    Affected: 1.0.0.588-fullpackage
    Affected: 1.0.0.606-fullpackage
    Affected: 1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5
    Affected: 1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:30:08.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36602",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-28T16:04:35.499045Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-28T16:04:39.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0.576-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.577-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.581-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.586-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.588-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.606-fullpackage"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bounds Read and Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-20T19:42:39.000Z",
            "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
            "shortName": "huawei"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@huawei.com",
              "ID": "CVE-2020-36602",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "576up005 HOTA-CM-H-Shark-BD;577HOTA-CM-H-Shark-BD;581up-HOTA-CM-H-Shark-BD;586-HOTA-CM-H-Shark-BD;588-HOTA-CM-H-Shark-BD;606-HOTA-CM-H-Shark-BD;BI-ACC-REPORT;CM-H-Shark-BD",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0.576-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.577-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.581-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.586-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.588-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.606-fullpackage"
                              },
                              {
                                "version_value": "1.0.0.1,1.0.0.2,1.0.0.3,1.0.0.4,1.0.0.5"
                              },
                              {
                                "version_value": "1.0.0.106,1.0.0.116,1.0.0.202,1.0.0.208,1.0.0.216,1.0.0.226,1.0.0.228,1.0.0.510,1.0.0.520,1.0.0.522,1.0.0.566,1.0.0.576,1.0.0.578,1.0.0.586,1.0.0.588,1.0.0.66(VN2-SP11),1.0.0.66(VN2-SP15),1.0.0.66(VN2-SP17),1.0.0.66(VN2-SP21),1.0.0.66(VN2-SP27),1.0.0.66(VN2-SP29),1.0.0.66(VN2-SP31),1.0.0.66(VN2-SP33),1.9.0.208,1.9.0.216,1.9.0.226,1.9.0.228,1.9.0.510,1.9.0.520,1.9.0.522,1.9.0.566,1.9.0.578,1.9.0.586,1.9.0.588"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read and Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en",
                  "refsource": "MISC",
                  "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "assignerShortName": "huawei",
        "cveId": "CVE-2020-36602",
        "datePublished": "2022-09-20T19:42:39.000Z",
        "dateReserved": "2022-08-25T00:00:00.000Z",
        "dateUpdated": "2025-05-28T16:04:39.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }