CVE-2020-9247

Summary

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

Affected Software

VendorProductVersion RangeStatus
HuaweiHONOR 20 PROunspecified < 10.1.0.230(C432E9R5P1)affected
HuaweiHONOR 20 PROunspecified < 10.1.0.231(C10E3R3P2)affected
HuaweiHUAWEI Mate 20unspecified < 10.1.0.160(C00E160R3P8)affected
HuaweiHUAWEI Mate 20 Prounspecified < 10.1.0.270(C432E7R1P5)affected
HuaweiHUAWEI Mate 20 Prounspecified < 10.1.0.270(C635E3R1P5)affected
HuaweiHUAWEI Mate 20 Prounspecified < 10.1.0.273(C185E7R2P4)affected
HuaweiHUAWEI Mate 20 Prounspecified < 10.1.0.273(C636E7R2P4)affected
HuaweiHUAWEI Mate 20 Prounspecified < 10.1.0.277(C10E7R2P4)affected
HuaweiHUAWEI Mate 20 Prounspecified < 10.1.0.277(C605E7R1P5)affected
HuaweiHUAWEI Mate 20 Xunspecified < 10.1.0.160(C00E160R2P8)affected
HuaweiHUAWEI P309.1.0.272(C635E4R2P2)affected
HuaweiHUAWEI P30unspecified < 10.1.0.123(C432E22R2P5)affected
HuaweiHUAWEI P30unspecified < 10.1.0.126(C10E7R5P1)affected
HuaweiHUAWEI P30unspecified < 10.1.0.126(C185E4R7P1)affected
HuaweiHUAWEI P30unspecified < 10.1.0.126(C605E19R1P3)affected
HuaweiHUAWEI P30unspecified < 10.1.0.126(C636E5R3P4)affected
HuaweiHUAWEI P30unspecified < 10.1.0.126(C636E7R3P4)affected
HuaweiHUAWEI P30 Prounspecified < 10.1.0.160(C00E160R2P8)affected
HuaweiHima-L29Cunspecified < 10.1.0.273(C185E5R2P4)affected
HuaweiHima-L29Cunspecified < 10.1.0.273(C636E5R2P4)affected
HuaweiHima-L29Cunspecified < 10.1.0.275(C10E4R2P4)affected
HuaweiLaya-AL00EPunspecified < 10.1.0.160(C786E160R3P8)affected
HuaweiPrinceton-AL10Bunspecified < 10.1.0.160(C00E160R2P11)affected
HuaweiTony-AL00Bunspecified < 10.1.0.160(C00E160R2P11)affected
HuaweiYale-L61Aunspecified < 10.1.0.225(C432E3R1P2)affected
HuaweiYale-L61Aunspecified < 10.1.0.226(C10E3R1P1)affected
HuaweiYale-TL00Bunspecified < 10.1.0.160(C01E160R8P12)affected
HuaweiYaleP-AL10Bunspecified < 10.1.0.160(C00E160R8P12)affected

Weaknesses

  • CWE-120: CWE-120 Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References