CVE-2020-36602

Published Sep 20, 2022
Last updated 2 years ago
CVSS medium 6.1
Overview

Description: There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
Source: psirt@huawei.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 5.2
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: MEDIUM
Weaknesses

nvd@nist.gov: CWE-125
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "46D9D107-8AFF-44A8-B9BE-3122F3D9697B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CD62EE0-E64C-4FF5-8567-2EF3A10F4C7B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "592046BB-F1E6-4296-817F-0D17A684D58E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27676C44-A16B-47A6-9C11-99DC1E795AC1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B7144AAE-03BA-4ADB-81D0-150A7449EC79"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EDB97DC-3A4B-454D-9DEA-AD7A5162F936"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ADDE004F-EBF6-4DBF-9459-5D58550CBF34"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95422749-5574-4106-9BA8-EC87BDEE18D5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "191C353D-9251-4E17-A8C1-EEFB3D98943B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5E07AE8-0C69-437B-8CC8-17061600A1B6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:606-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5E00B0F4-8959-4909-858B-8EEA64330135"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF6250D5-E660-4A07-8CA7-A59F54F2A488"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:bi-acc-report:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0C285118-F357-43D6-B9FE-BE1A3E0907F2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F008D3C-1BBD-4A69-98D4-315B2A5D92E3"
          },
          {
            "criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0EB4E34-03D0-47B1-8DC6-96EC1BECDDF0"
          },
          {
            "criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB459247-22A8-48AC-B97D-948CAAFCA471"
          },
          {
            "criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FF84D47-BBEE-4004-AA47-E799ED2E1407"
          },
          {
            "criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "267931DA-5398-465B-A149-F32C4B577486"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:cm-h-shark-bd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BD33F24B-8D65-49B5-8AFD-A86C767346A9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp11\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F30D8A50-7540-45E0-96EB-EF1920891744"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp15\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE277CBB-DF9C-4038-8D42-76CA8771A7DE"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp17\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97381235-1F6A-4EC9-A10E-43745F2EE14C"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp21\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9B68556-1AAF-49C5-BFFB-637ED0228431"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp27\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "250E3802-BC17-40A4-A9F1-9CC89204AF50"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp29\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8756F566-6BAD-4CAD-BE60-7555AE0A0D61"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp31\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FB0B5FE-B422-4426-8856-A75A317F8A5B"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp33\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48B95F08-AEFF-4E97-A7EE-04864B871D0A"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.106:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "352B2B08-0A5D-4212-8417-38303E8CFD34"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.116:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7D49229-664A-4042-93F2-A06C371FFCBC"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.202:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6EA61A3-0583-4577-ACDE-583A3280E759"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.208:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9109225-36DA-4042-A31A-94F4A75B4675"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.216:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EEF7C64-F872-44A3-8E2C-7104F72804D5"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.226:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FBA91C1-6970-4340-AA35-84A74B632618"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.228:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9EA888A-B3A3-4F68-B7DF-0E167A02D945"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.510:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9C3C896-6EEF-402B-AE02-9607DC6E8BD9"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.520:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AD877AB-DC3C-488F-A735-298B3743CEE3"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.522:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73EE9A4D-AE78-4701-A111-F0B2AFFE7C89"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.566:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB834B04-137F-4BC0-9BF8-EBABFB407ED3"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92F09872-A718-42A9-90B5-90B8F0E6A489"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.578:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D019742C-A909-42B4-8436-952633863308"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACDED3D8-B0D5-4191-B0F2-B68B9244B2FE"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD1BA004-40B9-43A7-800A-B811036941FD"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.208:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04D960D1-7834-42C5-B357-0487F6E54198"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.216:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEB6D1F2-7753-4526-BEF6-49E62684BF87"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.226:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3CD33AE-B7E9-4149-B660-313A7BF1CA53"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.228:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9ABE5A6-A576-48DA-BE6A-049272CE50E8"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.510:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B015ACC9-23B1-4467-AAC9-F4BB25314391"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.520:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B783B038-87A8-4684-94D9-C7682538BF85"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.522:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20FF7586-3714-4960-B69F-497727288225"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.566:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAE41F32-2E8B-42C1-AE6C-BA75DD049CEE"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.578:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE6C797-4BC5-4922-A480-A670C1D5BB55"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.586:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEEEEDC8-3716-49AD-BABF-C26031D70503"
          },
          {
            "criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.588:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6249992-4CE2-4515-9C9F-B7A09B2650B1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
