CVE-2020-9067

There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT). Affected product versions include: SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10; SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10; SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10.

Data is provided by the National Vulnerability Database (NVD)
Huawei Smartax Ma5600t Firmware Version v800r013c10
   Huawei Smartax Ma5600t Version -
Huawei Smartax Ma5600t Firmware Version v800r015c00
   Huawei Smartax Ma5600t Version -
Huawei Smartax Ma5600t Firmware Version v800r015c10
   Huawei Smartax Ma5600t Version -
Huawei Smartax Ma5600t Firmware Version v800r017c00
   Huawei Smartax Ma5600t Version -
Huawei Smartax Ma5600t Firmware Version v800r017c10
   Huawei Smartax Ma5600t Version -
Huawei Smartax Ma5600t Firmware Version v800r018c00
   Huawei Smartax Ma5600t Version -
Huawei Smartax Ma5600t Firmware Version v800r018c10
   Huawei Smartax Ma5600t Version -
Huawei Smartax Ma5800 Firmware Version v100r017c00
   Huawei Smartax Ma5800 Version -
Huawei Smartax Ma5800 Firmware Version v100r017c10
   Huawei Smartax Ma5800 Version -
Huawei Smartax Ma5800 Firmware Version v100r018c00
   Huawei Smartax Ma5800 Version -
Huawei Smartax Ma5800 Firmware Version v100r018c10
   Huawei Smartax Ma5800 Version -
Huawei Smartax Ma5800 Firmware Version v100r019c10
   Huawei Smartax Ma5800 Version -
Huawei Smartax Ea5800 Firmware Version v100r018c00
   Huawei Smartax Ea5800 Version -
Huawei Smartax Ea5800 Firmware Version v100r018c10
   Huawei Smartax Ea5800 Version -
Huawei Smartax Ea5800 Firmware Version v100r019c10
   Huawei Smartax Ea5800 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type   Source      Score   Percentile
EPSS   FIRST.org   0.18%   0.363
CVSS Metrics
Source         Base Score   Exploit Score   Impact Score   Vector string
nvd@nist.gov   8            2.1             5.9            CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov   5.2          5.1             6.4            AV:A/AC:L/Au:S/C:P/I:P/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.