CVE-2020-1856

Name of the Vulnerable Software and Affected Versions Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00

Description The issue is related to an information leakage vulnerability. It can be exploited by sending specific request packets to affected devices, potentially leading to information leakage. The vulnerability exists due to insufficient input validation, allowing a remote attacker to gain unauthorized access to protected information.

Recommendations For versions V500R001C30, V500R001C60, and V500R005C00, consider restricting access to the affected devices until a patch is available. As a temporary workaround, avoid using the vulnerable module in the affected Huawei products until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.