VAR-202008-1265
Vulnerability from variot - Updated: 2025-01-16 23:12There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086. Huawei of HUAWEI 4G Router B612 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Huawei 4G Router B612 is an LTE router product of China's Huawei (Huawei) company. The product can use 4G network as a shared hotspot.
Huawei 4G Router B612 has security vulnerabilities. The vulnerability stems from the program not validating the input correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-1265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "b612",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "b612s-25dtcpu-v100r001b192d03sp00c234"
},
{
"model": "b612",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "b612s-25dtcpu-v100r001b192d03sp00c287"
},
{
"model": "b612",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": "b612s-25dtcpu-v100r001b192d05sp00c00"
},
{
"model": "4g router b612",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d03sp00c234"
},
{
"model": "4g router b612",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "4g router b612",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d03sp00c287"
},
{
"model": "4g router b612",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "4g router b612",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "huawei 4g router b612 firmware b612s-25dtcpu-v100r001b192d05sp00c00"
},
{
"model": "4g router b612 b612s-25dtcpu-v100r001b192d03sp00c287",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "4g router b612 b612s-25dtcpu-v100r001b192d05sp00c00",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
},
{
"model": "4g router b612 b612s-25dtcpu-v100r001b192d03sp00c234",
"scope": null,
"trust": 0.6,
"vendor": "huawei",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01059"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"db": "NVD",
"id": "CVE-2020-9086"
}
]
},
"cve": "CVE-2020-9086",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-01059",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "psirt@huawei.com",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-9086",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-9086",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "psirt@huawei.com",
"id": "CVE-2020-9086",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9086",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-9086",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2021-01059",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1268",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01059"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1268"
},
{
"db": "NVD",
"id": "CVE-2020-9086"
},
{
"db": "NVD",
"id": "CVE-2020-9086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086. Huawei of HUAWEI 4G Router B612 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. Huawei 4G Router B612 is an LTE router product of China\u0027s Huawei (Huawei) company. The product can use 4G network as a shared hotspot. \n\r\n\r\nHuawei 4G Router B612 has security vulnerabilities. The vulnerability stems from the program not validating the input correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9086"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"db": "CNVD",
"id": "CNVD-2021-01059"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-9086",
"trust": 3.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018350",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-01059",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1268",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01059"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1268"
},
{
"db": "NVD",
"id": "CVE-2020-9086"
}
]
},
"id": "VAR-202008-1265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01059"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01059"
}
]
},
"last_update_date": "2025-01-16T23:12:01.756000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Huawei 4G Router B612 Null Pointer Dereference Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/243367"
},
{
"title": "Repair measures for Huawei related security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126912"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01059"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1268"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-124",
"trust": 1.0
},
{
"problemtype": "buffer underflow (CWE-124) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"db": "NVD",
"id": "CVE-2020-9086"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9086"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200826-01-buffer_cn"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-01059"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1268"
},
{
"db": "NVD",
"id": "CVE-2020-9086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-01059"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1268"
},
{
"db": "NVD",
"id": "CVE-2020-9086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-01059"
},
{
"date": "2025-01-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"date": "2020-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1268"
},
{
"date": "2024-12-27T10:15:12.800000",
"db": "NVD",
"id": "CVE-2020-9086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-01059"
},
{
"date": "2025-01-15T06:41:00",
"db": "JVNDB",
"id": "JVNDB-2020-018350"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1268"
},
{
"date": "2025-01-13T19:34:15.140000",
"db": "NVD",
"id": "CVE-2020-9086"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei\u00a0 of \u00a0HUAWEI\u00a04G\u00a0Router\u00a0B612\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-018350"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1268"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…