PT-2020-20497 · Huawei · Taurus-An00B

Published

2020-10-09

Updated

2020-10-26

CVE-2020-9105

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2)

Description The issue is related to insufficient input validation. Due to incorrect input validation logic, an attacker can exploit this to access and modify the device's memory by performing a series of operations. Successful exploitation may cause service abnormalities.

Recommendations For versions earlier than 10.1.0.156(C00E155R7P2), update to version 10.1.0.156(C00E155R7P2) or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation until a patch is applied.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2020-9105

Affected Products

Taurus-An00B

PT-2020-20497 · Huawei · Taurus-An00B

CVE-2020-9105

Weakness Enumeration

Related Identifiers

Affected Products

References · 4