{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-9086", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "state": "PUBLISHED", "assignerShortName": "huawei", "dateReserved": "2020-02-18T00:00:00.000Z", "datePublished": "2024-12-27T09:40:03.261Z", "dateUpdated": "2024-12-27T15:06:52.987Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HUAWEI 4G Router B612", "vendor": "Huawei", "versions": [{"status": "affected", "version": "B612s-25dTCPU-V100R001B192D03SP00C234"}, {"status": "affected", "version": "B612s-25dTCPU-V100R001B192D03SP00C287"}, {"status": "affected", "version": "B612s-25dTCPU-V100R001B192D05SP00C00"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)</p><p>This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.</p>"}], "value": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-124", "description": "CWE-124 Buffer Underwrite ('Buffer Underflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-12-27T09:40:03.261Z"}, "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-27T15:06:44.647462Z", "id": "CVE-2020-9086", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-27T15:06:52.987Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-9086", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-27T15:06:44.647462Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-27T15:06:48.740Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Huawei", "product": "HUAWEI 4G Router B612", "versions": [{"status": "affected", "version": "B612s-25dTCPU-V100R001B192D03SP00C234"}, {"status": "affected", "version": "B612s-25dTCPU-V100R001B192D03SP00C287"}, {"status": "affected", "version": "B612s-25dTCPU-V100R001B192D05SP00C00"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.", "supportingMedia": [{"type": "text/html", "value": "<p>There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)</p><p>This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-124", "description": "CWE-124 Buffer Underwrite ('Buffer Underflow')"}]}], "providerMetadata": {"orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei", "dateUpdated": "2024-12-27T09:40:03.261Z"}}}, "cveMetadata": {"cveId": "CVE-2020-9086", "state": "PUBLISHED", "dateUpdated": "2024-12-27T15:06:52.987Z", "dateReserved": "2020-02-18T00:00:00.000Z", "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "datePublished": "2024-12-27T09:40:03.261Z", "assignerShortName": "huawei"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d03sp00c234:*:*:*:*:*:*:*", "matchCriteriaId": "5DA74362-63EF-402C-8DE4-608BF00B9A22", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d03sp00c287:*:*:*:*:*:*:*", "matchCriteriaId": "B7B3FDDF-0E22-4778-B4B3-A9E77A7E8D80", "vulnerable": true}, {"criteria": "cpe:2.3:o:huawei:b612_firmware:b612s-25dtcpu-v100r001b192d05sp00c00:*:*:*:*:*:*:*", "matchCriteriaId": "D187A75B-E3D7-4B34-B2E5-F5FA8E557F80", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:b612:-:*:*:*:*:*:*:*", "matchCriteriaId": "F304357B-3B8D-49C0-AD8A-DC7F11B586BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234)\n\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086."}, {"lang": "es", "value": "Existe una vulnerabilidad de error de b\u00fafer en algunos productos de Huawei. Un atacante no autenticado puede enviar un mensaje UPNP especial a los productos afectados. Debido a la validaci\u00f3n de entrada insuficiente de alg\u00fan valor, una explotaci\u00f3n exitosa puede provocar que algunos servicios sean anormales. (Identificaci\u00f3n de vulnerabilidad: HWPSIRT-2017-08234) A esta vulnerabilidad se le ha asignado una identificaci\u00f3n de vulnerabilidades y exposiciones comunes (CVE): CVE-2020-9086."}], "id": "CVE-2020-9086", "lastModified": "2025-01-13T19:34:15.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@huawei.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-12-27T10:15:12.800", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-124"}], "source": "psirt@huawei.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}