ID

VAR-202004-0958


CVE

CVE-2020-1804


TITLE

Huawei Honor V10 Out-of-bounds read vulnerabilities on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-004906

DESCRIPTION

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 1 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1805 and CVE-2020-1806. This vulnerability is CVE-2020-1805 and CVE-2020-1806 Is a different vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a driver not fully verifying the received parameters

Trust: 2.25

sources: NVD: CVE-2020-1804 // JVNDB: JVNDB-2020-004906 // CNVD: CNVD-2020-27112 // VULMON: CVE-2020-1804

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27112

AFFECTED PRODUCTS

vendor:huaweimodel:honor v10scope:ltversion:10.0.0.156\(c00e156r2p4\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:eqversion:10.0.0.156(c00e156r2p4)

Trust: 0.8

vendor:huaweimodel:honor <10.0.0.156scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:honor v10scope:eqversion: -

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.156(c00e156r2p14t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.159(c432e4r1p9t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.159(c636e3r1p12t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.1.0.333(c00e333r2p1t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.1.0.351(c432e5r1p13t8)

Trust: 0.1

sources: CNVD: CNVD-2020-27112 // VULMON: CVE-2020-1804 // JVNDB: JVNDB-2020-004906 // NVD: CVE-2020-1804

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1804
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004906
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27112
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1969
value: HIGH

Trust: 0.6

VULMON: CVE-2020-1804
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1804
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004906
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27112
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1804
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004906
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27112 // VULMON: CVE-2020-1804 // JVNDB: JVNDB-2020-004906 // CNNVD: CNNVD-202004-1969 // NVD: CVE-2020-1804

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-004906 // NVD: CVE-2020-1804

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1969

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1969

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004906

PATCH

title:huawei-sa-20200422-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en

Trust: 0.8

title:Patch for Huawei Honor V10 Cross-Border Reading Vulnerability (CNVD-2020-27112)url:https://www.cnvd.org.cn/patchInfo/show/216735

Trust: 0.6

title:Huawei Honor V10 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116736

Trust: 0.6

title:Huawei Security Advisories: Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphonesurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=710862441ad85228271816b080be03e9

Trust: 0.1

sources: CNVD: CNVD-2020-27112 // VULMON: CVE-2020-1804 // JVNDB: JVNDB-2020-004906 // CNNVD: CNNVD-202004-1969

EXTERNAL IDS

db:NVDid:CVE-2020-1804

Trust: 3.1

db:JVNDBid:JVNDB-2020-004906

Trust: 0.8

db:CNVDid:CNVD-2020-27112

Trust: 0.6

db:CNNVDid:CNNVD-202004-1969

Trust: 0.6

db:VULMONid:CVE-2020-1804

Trust: 0.1

sources: CNVD: CNVD-2020-27112 // VULMON: CVE-2020-1804 // JVNDB: JVNDB-2020-004906 // CNNVD: CNNVD-202004-1969 // NVD: CVE-2020-1804

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-1804

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1804

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200422-02-smartphone-cn

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-27112 // VULMON: CVE-2020-1804 // JVNDB: JVNDB-2020-004906 // CNNVD: CNNVD-202004-1969 // NVD: CVE-2020-1804

SOURCES

db:CNVDid:CNVD-2020-27112
db:VULMONid:CVE-2020-1804
db:JVNDBid:JVNDB-2020-004906
db:CNNVDid:CNNVD-202004-1969
db:NVDid:CVE-2020-1804

LAST UPDATE DATE

2024-11-23T22:55:10.879000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-27112date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-1804date:2020-05-01T00:00:00
db:JVNDBid:JVNDB-2020-004906date:2020-06-02T00:00:00
db:CNNVDid:CNNVD-202004-1969date:2020-05-06T00:00:00
db:NVDid:CVE-2020-1804date:2024-11-21T05:11:24.723

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-27112date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-1804date:2020-04-27T00:00:00
db:JVNDBid:JVNDB-2020-004906date:2020-06-02T00:00:00
db:CNNVDid:CNNVD-202004-1969date:2020-04-22T00:00:00
db:NVDid:CVE-2020-1804date:2020-04-27T15:15:12.907