Search
Find a vulnerability
Search criteria
14 vulnerabilities found for taurus-an00b_firmware by huawei
CVE-2020-9112 (GCVE-0-2020-9112)
Vulnerability from nvd – Published: 2020-10-19 19:32 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege.
Severity
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-19T19:32:32.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9112",
"datePublished": "2020-10-19T19:32:32.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:20.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9240 (GCVE-0-2020-9240)
Vulnerability from nvd – Published: 2020-10-12 14:05 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
Severity
No CVSS data available.
CWE
- Buffer Read Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Read Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T14:05:06.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Read Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9240",
"datePublished": "2020-10-12T14:05:06.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:20.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9110 (GCVE-0-2020-9110)
Vulnerability from nvd – Published: 2020-10-12 14:03 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim\u0027s smartphone to launch the attack, successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T14:03:07.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim\u0027s smartphone to launch the attack, successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9110",
"datePublished": "2020-10-12T14:03:07.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9238 (GCVE-0-2020-9238)
Vulnerability from nvd – Published: 2020-10-12 13:23 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
Severity
No CVSS data available.
CWE
- Buffer Read Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Read Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:23:19.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Read Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9238",
"datePublished": "2020-10-12T13:23:19.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:20.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9091 (GCVE-0-2020-9091)
Vulnerability from nvd – Published: 2020-10-12 13:59 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
Severity
No CVSS data available.
CWE
- Out-of-Bounds Read and Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Read and Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:59:17.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read and Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9091",
"datePublished": "2020-10-12T13:59:17.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9105 (GCVE-0-2020-9105)
Vulnerability from nvd – Published: 2020-10-09 12:30 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal.
Severity
No CVSS data available.
CWE
- Insufficient Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-09T12:30:51.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9105",
"datePublished": "2020-10-09T12:30:51.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9084 (GCVE-0-2020-9084)
Vulnerability from nvd – Published: 2020-09-18 18:06 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
Severity
No CVSS data available.
CWE
- Use-after-free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T18:06:19.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9084",
"datePublished": "2020-09-18T18:06:19.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9112 (GCVE-0-2020-9112)
Vulnerability from cvelistv5 – Published: 2020-10-19 19:32 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege.
Severity
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-19T19:32:32.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9112",
"datePublished": "2020-10-19T19:32:32.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:20.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9240 (GCVE-0-2020-9240)
Vulnerability from cvelistv5 – Published: 2020-10-12 14:05 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
Severity
No CVSS data available.
CWE
- Buffer Read Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Read Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T14:05:06.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Read Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-bufferoverflow-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9240",
"datePublished": "2020-10-12T14:05:06.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:20.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9110 (GCVE-0-2020-9110)
Vulnerability from cvelistv5 – Published: 2020-10-12 14:03 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.929Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim\u0027s smartphone to launch the attack, successful exploit could cause information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T14:03:07.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim\u0027s smartphone to launch the attack, successful exploit could cause information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-02-informationleak-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9110",
"datePublished": "2020-10-12T14:03:07.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9091 (GCVE-0-2020-9091)
Vulnerability from cvelistv5 – Published: 2020-10-12 13:59 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
Severity
No CVSS data available.
CWE
- Out-of-Bounds Read and Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Bounds Read and Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:59:17.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read and Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-03-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9091",
"datePublished": "2020-10-12T13:59:17.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9238 (GCVE-0-2020-9238)
Vulnerability from cvelistv5 – Published: 2020-10-12 13:23 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
Severity
No CVSS data available.
CWE
- Buffer Read Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:20.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Read Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-12T13:23:19.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Read Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200930-01-bufferoverflow-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9238",
"datePublished": "2020-10-12T13:23:19.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:20.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9105 (GCVE-0-2020-9105)
Vulnerability from cvelistv5 – Published: 2020-10-09 12:30 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal.
Severity
No CVSS data available.
CWE
- Insufficient Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-09T12:30:51.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200923-01-outofbound-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9105",
"datePublished": "2020-10-09T12:30:51.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9084 (GCVE-0-2020-9084)
Vulnerability from cvelistv5 – Published: 2020-09-18 18:06 – Updated: 2024-08-04 10:19
VLAI
EPSS
VEX
Summary
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
Severity
No CVSS data available.
CWE
- Use-after-free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.huawei.com/en/psirt/security-advisori… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Taurus-AN00B |
Affected:
Versions earlier than 10.1.0.156(C00E155R7P2)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:19:19.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Taurus-AN00B",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-18T18:06:19.000Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2020-9084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Taurus-AN00B",
"version": {
"version_data": [
{
"version_value": "Versions earlier than 10.1.0.156(C00E155R7P2)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en",
"refsource": "MISC",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200916-01-smartphone-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2020-9084",
"datePublished": "2020-09-18T18:06:19.000Z",
"dateReserved": "2020-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:19:19.783Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}