PT-2020-4208 · Huawei · Smartax Ma5600T+2

Published 2020-04-01 · Updated 2020-04-03 · CVE-2020-9067

CVSS v3.1: 8.0 High

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10
SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10
SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10
Description: The issue is a buffer overflow vulnerability in Huawei products that occurs when the product functions as an optical line terminal (OLT). The affected code copies a buffer without checking the size of the input data, which allows a remote attacker to execute arbitrary code on the affected products.
Recommendations:
SmartAX MA5600T versions V800R013C10, V800R015C00, V800R015C10, V800R017C00, V800R017C10, V800R018C00, V800R018C10: update to a version that includes the fix for this buffer overflow vulnerability.
SmartAX MA5800 versions V100R017C00, V100R017C10, V100R018C00, V100R018C10, V100R019C10: update to a version that includes the fix for this buffer overflow vulnerability.
SmartAX EA5800 versions V100R018C00, V100R018C10, V100R019C10: update to a version that includes the fix for this buffer overflow vulnerability.
As a temporary workaround, consider disabling the functionality that allows the product to function as an OLT until a patch is available.

Fix

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-04643
CVE-2020-9067

Affected Products

Huawei Vrp
Smartax Ea5800
Smartax Ma5600T