Vulnerability-Lookup

CVE-2020-1789 (GCVE-0-2020-1789)

Vulnerability from cvelistv5 – Published: 2020-02-18 02:50 – Updated: 2024-08-04 06:46

Summary

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Insufficient Authentication

Assigner

huawei

References

1 reference

URL	Tags
http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Huawei	OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X	Affected: 1.0.1.21(SP3)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X",
          "vendor": "Huawei",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.1.21(SP3)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient Authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-18T02:50:43.000Z",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1789",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.1.21(SP3)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Huawei"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2020-1789",
    "datePublished": "2020-02-18T02:50:43.000Z",
    "dateReserved": "2019-11-29T00:00:00.000Z",
    "dateUpdated": "2024-08-04T06:46:30.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-1789",
      "date": "2026-06-03",
      "epss": "0.00061",
      "percentile": "0.19143"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-1789\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2020-02-18T03:15:10.937\",\"lastModified\":\"2024-11-21T05:11:23.067\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.\"},{\"lang\":\"es\",\"value\":\"Los productos Huawei OSCA-550, OSCA-550A, OSCA-550AX y OSCA-550X con la versi\u00f3n 1.0.1.21, presentan una vulnerabilidad de autenticaci\u00f3n insuficiente. El software no requiere una credencial fuerte cuando el usuario intenta hacer determinadas operaciones. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante omitir la autenticaci\u00f3n y hacer determinadas operaciones con una credencial d\u00e9bil.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:osca-550_firmware:1.0.1.21\\\\(sp3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5785116E-F7CF-49BA-8833-98913F81630C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:osca-550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0D0122F-89FF-4B3E-8837-2E07A0D27105\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:osca-550a_firmware:1.0.1.21\\\\(sp3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A17B82-6007-416F-8EB8-19A73EDEF52B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:osca-550a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D4E574D-DEFF-48CC-81F0-28DB6432EF13\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:osca-550ax_firmware:1.0.1.21\\\\(sp3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAFE434F-2C9A-4B04-A916-0E9BBB940EDF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:osca-550ax:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62EEE25C-2FA4-4B64-9680-387380D97352\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:osca-550x_firmware:1.0.1.21\\\\(sp3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42AD7C07-1559-45F3-A364-1F9AB8D0B4E7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:osca-550x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"565AF527-86EF-4314-A645-B99D0C4C62C2\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2020-36727

Vulnerability from cnvd - Published: 2020-07-07

Title

多款Huawei产品不充分认证漏洞

Description

OSCA-550AX是华为旗下品牌荣耀推出的一款55寸智慧屏。OSCA-550A是荣耀推出的首款55寸采用华为鸿蒙操作系统的终端智慧屏。多款Huawei产品存在安全漏洞，该漏洞源于系统未能要求用户提供满足复杂度要求的认证凭证。攻击者可借助一个简单的凭证利用该漏洞执行操作。

Severity

中

Patch Name

多款Huawei产品不充分认证漏洞的补丁

Patch Description

OSCA-550AX是华为旗下品牌荣耀推出的一款55寸智慧屏。OSCA-550A是荣耀推出的首款55寸采用华为鸿蒙操作系统的终端智慧屏。多款Huawei产品存在安全漏洞，该漏洞源于系统未能要求用户提供满足复杂度要求的认证凭证。攻击者可借助一个简单的凭证利用该漏洞执行操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200121-01-osca-cn

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en

Impacted products

Name
['Huawei OSCA-550 1.0.1.21(SP3)', 'Huawei OSCA-550A 1.0.1.21(SP3)', 'Huawei OSCA-550AX 1.0.1.21(SP3)', 'Huawei OSCA-550X 1.0.1.21(SP3)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1789",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-1789"
    }
  },
  "description": "OSCA-550AX\u662f\u534e\u4e3a\u65d7\u4e0b\u54c1\u724c\u8363\u8000\u63a8\u51fa\u7684\u4e00\u6b3e55\u5bf8\u667a\u6167\u5c4f\u3002OSCA-550A\u662f\u8363\u8000\u63a8\u51fa\u7684\u9996\u6b3e55\u5bf8\u91c7\u7528\u534e\u4e3a\u9e3f\u8499\u64cd\u4f5c\u7cfb\u7edf\u7684\u7ec8\u7aef\u667a\u6167\u5c4f\u3002\n\n\u591a\u6b3eHuawei\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u672a\u80fd\u8981\u6c42\u7528\u6237\u63d0\u4f9b\u6ee1\u8db3\u590d\u6742\u5ea6\u8981\u6c42\u7684\u8ba4\u8bc1\u51ed\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u4e00\u4e2a\u7b80\u5355\u7684\u51ed\u8bc1\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200121-01-osca-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-36727",
  "openTime": "2020-07-07",
  "patchDescription": "OSCA-550AX\u662f\u534e\u4e3a\u65d7\u4e0b\u54c1\u724c\u8363\u8000\u63a8\u51fa\u7684\u4e00\u6b3e55\u5bf8\u667a\u6167\u5c4f\u3002OSCA-550A\u662f\u8363\u8000\u63a8\u51fa\u7684\u9996\u6b3e55\u5bf8\u91c7\u7528\u534e\u4e3a\u9e3f\u8499\u64cd\u4f5c\u7cfb\u7edf\u7684\u7ec8\u7aef\u667a\u6167\u5c4f\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7cfb\u7edf\u672a\u80fd\u8981\u6c42\u7528\u6237\u63d0\u4f9b\u6ee1\u8db3\u590d\u6742\u5ea6\u8981\u6c42\u7684\u8ba4\u8bc1\u51ed\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u4e00\u4e2a\u7b80\u5355\u7684\u51ed\u8bc1\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei\u4ea7\u54c1\u4e0d\u5145\u5206\u8ba4\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei OSCA-550 1.0.1.21(SP3)",
      "Huawei OSCA-550A 1.0.1.21(SP3)",
      "Huawei OSCA-550AX 1.0.1.21(SP3)",
      "Huawei OSCA-550X 1.0.1.21(SP3)"
    ]
  },
  "referenceLink": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-09",
  "title": "\u591a\u6b3eHuawei\u4ea7\u54c1\u4e0d\u5145\u5206\u8ba4\u8bc1\u6f0f\u6d1e"
}

FKIE_CVE-2020-1789

Vulnerability from fkie_nvd - Published: 2020-02-18 03:15 - Updated: 2024-11-21 05:11

Severity

6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	osca-550_firmware	1.0.1.21\(sp3\)
huawei	osca-550	-
huawei	osca-550a_firmware	1.0.1.21\(sp3\)
huawei	osca-550a	-
huawei	osca-550ax_firmware	1.0.1.21\(sp3\)
huawei	osca-550ax	-
huawei	osca-550x_firmware	1.0.1.21\(sp3\)
huawei	osca-550x	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:osca-550_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5785116E-F7CF-49BA-8833-98913F81630C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:osca-550:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0D0122F-89FF-4B3E-8837-2E07A0D27105",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:osca-550a_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A17B82-6007-416F-8EB8-19A73EDEF52B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:osca-550a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4E574D-DEFF-48CC-81F0-28DB6432EF13",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:osca-550ax_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EAFE434F-2C9A-4B04-A916-0E9BBB940EDF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:osca-550ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62EEE25C-2FA4-4B64-9680-387380D97352",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:osca-550x_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "42AD7C07-1559-45F3-A364-1F9AB8D0B4E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:osca-550x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "565AF527-86EF-4314-A645-B99D0C4C62C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential."
    },
    {
      "lang": "es",
      "value": "Los productos Huawei OSCA-550, OSCA-550A, OSCA-550AX y OSCA-550X con la versi\u00f3n 1.0.1.21, presentan una vulnerabilidad de autenticaci\u00f3n insuficiente. El software no requiere una credencial fuerte cuando el usuario intenta hacer determinadas operaciones. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante omitir la autenticaci\u00f3n y hacer determinadas operaciones con una credencial d\u00e9bil."
    }
  ],
  "id": "CVE-2020-1789",
  "lastModified": "2024-11-21T05:11:23.067",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-18T03:15:10.937",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PH9C-5F5M-XHGQ

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-1789"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-18T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.",
  "id": "GHSA-ph9c-5f5m-xhgq",
  "modified": "2022-05-24T17:09:14Z",
  "published": "2022-05-24T17:09:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1789"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-1789

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-1789

Aliases

CVE-2020-1789

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-1789",
    "description": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.",
    "id": "GSD-2020-1789"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-1789"
      ],
      "details": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.",
      "id": "GSD-2020-1789",
      "modified": "2023-12-13T01:21:58.607311Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2020-1789",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.0.1.21(SP3)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Huawei"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Insufficient Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:osca-550_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:osca-550:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:osca-550a_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:osca-550a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:osca-550ax_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:osca-550ax:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:osca-550x_firmware:1.0.1.21\\(sp3\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:osca-550x:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2020-1789"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-02-20T19:22Z",
      "publishedDate": "2020-02-18T03:15Z"
    }
  }
}

VAR-202002-0572

Vulnerability from variot - Updated: 2024-11-23 22:37

Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential. plural Huawei The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. OSCA-550AX is a 55-inch smart screen launched by Huawei's glory brand. OSCA-550A is the first 55-inch terminal smart screen using Huawei Hongmeng operating system launched by Honor. The vulnerability stems from the system's failure to require users to provide authentication credentials that meet complexity requirements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0572",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "osca-550",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "1.0.1.21\\(sp3\\)"
      },
      {
        "model": "osca-550a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "1.0.1.21\\(sp3\\)"
      },
      {
        "model": "osca-550x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "1.0.1.21\\(sp3\\)"
      },
      {
        "model": "osca-550ax",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "1.0.1.21\\(sp3\\)"
      },
      {
        "model": "osca-550",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "1.0.1.21(sp3)"
      },
      {
        "model": "osca-550a",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "1.0.1.21(sp3)"
      },
      {
        "model": "osca-550ax",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "1.0.1.21(sp3)"
      },
      {
        "model": "osca-550x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "1.0.1.21(sp3)"
      },
      {
        "model": "osca-550 1.0.1.21",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "osca-550a 1.0.1.21",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "osca-550ax 1.0.1.21",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "osca-550x 1.0.1.21",
        "scope": null,
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1789"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:huawei:osca-550_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:osca-550a_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:osca-550ax_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:huawei:osca-550x_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vulnerability was discovered by Huawei internal testing.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-1789",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-1789",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002090",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-36727",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "id": "CVE-2020-1789",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002090",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-1789",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-002090",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-36727",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-938",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1789"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential. plural Huawei The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. OSCA-550AX is a 55-inch smart screen launched by Huawei\u0027s glory brand. OSCA-550A is the first 55-inch terminal smart screen using Huawei Hongmeng operating system launched by Honor. The vulnerability stems from the system\u0027s failure to require users to provide authentication credentials that meet complexity requirements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-1789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-1789",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-938",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1789"
      }
    ]
  },
  "id": "VAR-202002-0572",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      }
    ],
    "trust": 1.1555556
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:37:33.090000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20200121-01-osca",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
      },
      {
        "title": "Patch for Multiple Huawei products have insufficient certification vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/224775"
      },
      {
        "title": "Multiple Huawei Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110176"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1789"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200121-01-osca-en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1789"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1789"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200121-01-osca-cn"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1789"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-1789"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      },
      {
        "date": "2020-03-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "date": "2020-01-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      },
      {
        "date": "2020-02-18T03:15:10.937000",
        "db": "NVD",
        "id": "CVE-2020-1789"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-36727"
      },
      {
        "date": "2020-03-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      },
      {
        "date": "2024-11-21T05:11:23.067000",
        "db": "NVD",
        "id": "CVE-2020-1789"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Huawei Product authentication vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002090"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-938"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-1789 (GCVE-0-2020-1789)

CNVD-2020-36727

FKIE_CVE-2020-1789

GHSA-PH9C-5F5M-XHGQ

GSD-2020-1789

VAR-202002-0572

Tags

Sightings

Nomenclature