Huawei Product Buffer Overflow via UPNP Message
CVE-2020-9086 Published on December 27, 2024
There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086.
Vulnerability Analysis
Weakness Type
What is a buffer underrun Vulnerability?
The software writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.
CVE-2020-9086 has been classified to as a buffer underrun vulnerability or weakness.
Products Associated with CVE-2020-9086
Want to know whenever a new CVE is published for Huawei B612 Firmware? stack.watch will email you.
Affected Versions
HUAWEI 4G Router B612:- Version B612s-25dTCPU-V100R001B192D03SP00C234 is affected.
- Version B612s-25dTCPU-V100R001B192D03SP00C287 is affected.
- Version B612s-25dTCPU-V100R001B192D05SP00C00 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.