PT-2020-20472 · Huawei · Ar120-S+1
Published
2020-04-15
·
Updated
2020-06-03
·
CVE-2020-9071
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Huawei AR120-S versions V200R007C00SPC900, V200R007C00SPCa00
Description
The issue is related to an out-of-bounds read vulnerability in Huawei products. It occurs when the software reads data past the end of the intended buffer while parsing certain messages. An authenticated attacker could exploit this by sending crafted messages to the device, potentially causing service abnormalities in specific scenarios.
Recommendations
For AR120-S version V200R007C00SPC900, update to a version that fixes the out-of-bounds read vulnerability.
For AR120-S version V200R007C00SPCa00, update to a version that fixes the out-of-bounds read vulnerability.
As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation by crafted messages.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ar120-S
Huawei Vrp