ID

VAR-202002-0575


CVE

CVE-2020-1792


TITLE

Honor V10 Out-of-bounds writing vulnerabilities on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-002386

DESCRIPTION

Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot. Huawei Honor V10 is a smartphone product from China's Huawei. The vulnerability stems from insufficient verification of incoming parameters

Trust: 2.16

sources: NVD: CVE-2020-1792 // JVNDB: JVNDB-2020-002386 // CNVD: CNVD-2020-14758

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14758

AFFECTED PRODUCTS

vendor:huaweimodel:honor v10scope:eqversion: -

Trust: 1.2

vendor:huaweimodel:honor v10scope:ltversion:bkl-l09_10.0.0.146\(c432e4r1p4\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:ltversion:bkl-al20_10.0.0.156\(c00e156r2p4\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:eqversion:bkl-al20 10.0.0.156(c00e156r2p4)

Trust: 0.8

vendor:huaweimodel:honor v10scope:eqversion:bkl-l09 10.0.0.146(c432e4r1p4)

Trust: 0.8

vendor:huaweimodel:honor <bkl-al20 10.0.0.156scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:honor <bkl-l09 10.0.0.146scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:honor v10scope:eqversion:9.1.0.333c00e333r2p1t8

Trust: 0.6

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.159c636e3r1p12t8

Trust: 0.6

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.156c00e156r2p14t8

Trust: 0.6

vendor:huaweimodel:honor v10scope:eqversion:9.1.0.351c432e5r1p13t8

Trust: 0.6

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.159c432e4r1p9t8

Trust: 0.6

sources: CNVD: CNVD-2020-14758 // JVNDB: JVNDB-2020-002386 // CNNVD: CNNVD-202002-1246 // NVD: CVE-2020-1792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1792
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002386
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-14758
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202002-1246
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1792
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002386
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-14758
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1792
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-002386
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14758 // JVNDB: JVNDB-2020-002386 // CNNVD: CNNVD-202002-1246 // NVD: CVE-2020-1792

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.8

sources: JVNDB: JVNDB-2020-002386 // NVD: CVE-2020-1792

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202002-1246

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202002-1246

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002386

PATCH

title:huawei-sa-20200219-02-firewallurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200219-02-firewall-en

Trust: 0.8

title:Patch for Huawei Honor V10 buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/206185

Trust: 0.6

title:Huawei Honor V10 Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110820

Trust: 0.6

sources: CNVD: CNVD-2020-14758 // JVNDB: JVNDB-2020-002386 // CNNVD: CNNVD-202002-1246

EXTERNAL IDS

db:NVDid:CVE-2020-1792

Trust: 3.0

db:JVNDBid:JVNDB-2020-002386

Trust: 0.8

db:CNVDid:CNVD-2020-14758

Trust: 0.6

db:CNNVDid:CNNVD-202002-1246

Trust: 0.6

sources: CNVD: CNVD-2020-14758 // JVNDB: JVNDB-2020-002386 // CNNVD: CNNVD-202002-1246 // NVD: CVE-2020-1792

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-1792

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200226-01-smartphone-en

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1792

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200226-01-smartphone-cn

Trust: 0.6

sources: CNVD: CNVD-2020-14758 // JVNDB: JVNDB-2020-002386 // CNNVD: CNNVD-202002-1246 // NVD: CVE-2020-1792

SOURCES

db:CNVDid:CNVD-2020-14758
db:JVNDBid:JVNDB-2020-002386
db:CNNVDid:CNNVD-202002-1246
db:NVDid:CVE-2020-1792

LAST UPDATE DATE

2024-11-23T22:41:11.033000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-14758date:2020-03-01T00:00:00
db:JVNDBid:JVNDB-2020-002386date:2020-03-13T00:00:00
db:CNNVDid:CNNVD-202002-1246date:2020-03-09T00:00:00
db:NVDid:CVE-2020-1792date:2024-11-21T05:11:23.407

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-14758date:2020-03-01T00:00:00
db:JVNDBid:JVNDB-2020-002386date:2020-03-13T00:00:00
db:CNNVDid:CNNVD-202002-1246date:2020-02-26T00:00:00
db:NVDid:CVE-2020-1792date:2020-02-28T19:15:11.297