FKIE_CVE-2020-9067
Vulnerability from fkie_nvd - Published: 2020-04-02 21:15 - Updated: 2026-06-17 03:27
Severity
Summary
There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| huawei | smartax_ma5600t_firmware | v800r013c10 | |
| huawei | smartax_ma5600t_firmware | v800r015c00 | |
| huawei | smartax_ma5600t_firmware | v800r015c10 | |
| huawei | smartax_ma5600t_firmware | v800r017c00 | |
| huawei | smartax_ma5600t_firmware | v800r017c10 | |
| huawei | smartax_ma5600t_firmware | v800r018c00 | |
| huawei | smartax_ma5600t_firmware | v800r018c10 | |
| huawei | smartax_ma5600t | - | |
| huawei | smartax_ma5800_firmware | v100r017c00 | |
| huawei | smartax_ma5800_firmware | v100r017c10 | |
| huawei | smartax_ma5800_firmware | v100r018c00 | |
| huawei | smartax_ma5800_firmware | v100r018c10 | |
| huawei | smartax_ma5800_firmware | v100r019c10 | |
| huawei | smartax_ma5800 | - | |
| huawei | smartax_ea5800_firmware | v100r018c00 | |
| huawei | smartax_ea5800_firmware | v100r018c10 | |
| huawei | smartax_ea5800_firmware | v100r019c10 | |
| huawei | smartax_ea5800 | - |
{
"affected": [
{
"affectedData": [
{
"product": "SmartAX MA5600T",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V800R013C10"
},
{
"status": "affected",
"version": "V800R015C00"
},
{
"status": "affected",
"version": "V800R015C10"
},
{
"status": "affected",
"version": "V800R017C00"
},
{
"status": "affected",
"version": "V800R017C10"
},
{
"status": "affected",
"version": "V800R018C00"
},
{
"status": "affected",
"version": "V800R018C10"
}
]
},
{
"product": "SmartAX MA5800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R017C00"
},
{
"status": "affected",
"version": "V100R017C10"
},
{
"status": "affected",
"version": "V100R018C00"
},
{
"status": "affected",
"version": "V100R018C10"
},
{
"status": "affected",
"version": "V100R019C10"
}
]
},
{
"product": "SmartAX EA5800",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "V100R018C00"
},
{
"status": "affected",
"version": "V100R018C10"
},
{
"status": "affected",
"version": "V100R019C10"
}
]
}
],
"source": "psirt@huawei.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r013c10:*:*:*:*:*:*:*",
"matchCriteriaId": "A164C700-0C00-4536-9DC7-28212B3A578D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r015c00:*:*:*:*:*:*:*",
"matchCriteriaId": "EE95BA25-1998-422B-AC3D-8EF1A60C8564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r015c10:*:*:*:*:*:*:*",
"matchCriteriaId": "1DC8A216-F784-4038-8A8E-2118D81ABD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r017c00:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEE3413-8909-48D1-94AA-6EBAAA40CEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r017c10:*:*:*:*:*:*:*",
"matchCriteriaId": "E713F2DA-18E2-4CAF-8972-DF742627BBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r018c00:*:*:*:*:*:*:*",
"matchCriteriaId": "0608D68B-B4A6-4B83-B6ED-8A892AA38605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5600t_firmware:v800r018c10:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC87D54-20D5-49C7-8698-297617ECA6D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:smartax_ma5600t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14106F76-4E6B-4377-ACFC-FDE6C3DB8FA8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r017c00:*:*:*:*:*:*:*",
"matchCriteriaId": "78BD802F-5A10-42A4-AE67-F28A70DA1468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r017c10:*:*:*:*:*:*:*",
"matchCriteriaId": "9248DC4A-07C7-446F-A95D-C4CEC1BFA7A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r018c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D08191BA-E7E6-402F-8653-70A9044607D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r018c10:*:*:*:*:*:*:*",
"matchCriteriaId": "B653563E-34ED-49E1-B79C-2074BA426BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ma5800_firmware:v100r019c10:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF7926F-0868-41A9-BFB9-25A65982D06F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:smartax_ma5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E647FBD-CD79-442B-AAC5-64A2419BBD76",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r018c00:*:*:*:*:*:*:*",
"matchCriteriaId": "019082B0-5A44-4655-91CC-C4C945CEE9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r018c10:*:*:*:*:*:*:*",
"matchCriteriaId": "92096DD2-2E6D-4344-ABEF-E32360C9FE92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:smartax_ea5800_firmware:v100r019c10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEB7EF9-0C90-4499-BE9D-2C649FA12572",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:smartax_ea5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7598F036-E6B9-4552-B79F-800417F94CFD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include:SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de desbordamiento del b\u00fafer en algunos productos Huawei. Un atacante puede explotar la vulnerabilidad para llevar a cabo una ejecuci\u00f3n de c\u00f3digo remota en los productos afectados cuando el producto afectado funciona como un terminal de l\u00ednea \u00f3ptica (OLT). Las versiones de productos afectados incluyen: SmartAX MA5600T versiones V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versiones V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versiones V100R018C00, V100R018C10, V100R019C10."
}
],
"id": "CVE-2020-9067",
"lastModified": "2026-06-17T03:27:26.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-02T21:15:13.927",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200401-01-overflow-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…