5.3
CVE-2020-9085
- EPSS 0.1%
- Published 27.12.2024 10:15:12
- Last modified 13.01.2025 19:35:55
- Source psirt@huawei.com
- Teams watchlist Login
- Open Login
There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.
Data is provided by the National Vulnerability Database (NVD)
Huawei ≫ B612 Firmware Versionb612s-25dtcpu-v100r001b192d03sp00c234
Huawei ≫ B612 Firmware Versionb612s-25dtcpu-v100r001b192d03sp00c287
Huawei ≫ B612 Firmware Versionb612s-25dtcpu-v100r001b192d05sp00c00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.284 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| psirt@huawei.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.