ID

VAR-202004-0959


CVE

CVE-2020-1805


TITLE

Huawei Honor V10 Out-of-bounds read vulnerabilities on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-004907

DESCRIPTION

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 2 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1806. This vulnerability is CVE-2020-1804 and CVE-2020-1806 Is a different vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a driver not fully verifying the received parameters

Trust: 2.25

sources: NVD: CVE-2020-1805 // JVNDB: JVNDB-2020-004907 // CNVD: CNVD-2020-27114 // VULMON: CVE-2020-1805

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27114

AFFECTED PRODUCTS

vendor:huaweimodel:honor v10scope:ltversion:10.0.0.156\(c00e156r2p4\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:eqversion:10.0.0.156(c00e156r2p4)

Trust: 0.8

vendor:huaweimodel:honor <10.0.0.156scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:honor v10scope:eqversion: -

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.156(c00e156r2p14t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.159(c432e4r1p9t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.159(c636e3r1p12t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.1.0.333(c00e333r2p1t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.1.0.351(c432e5r1p13t8)

Trust: 0.1

sources: CNVD: CNVD-2020-27114 // VULMON: CVE-2020-1805 // JVNDB: JVNDB-2020-004907 // NVD: CVE-2020-1805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1805
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004907
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27114
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1967
value: HIGH

Trust: 0.6

VULMON: CVE-2020-1805
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1805
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004907
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27114
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1805
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004907
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27114 // VULMON: CVE-2020-1805 // JVNDB: JVNDB-2020-004907 // CNNVD: CNNVD-202004-1967 // NVD: CVE-2020-1805

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-004907 // NVD: CVE-2020-1805

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1967

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1967

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004907

PATCH

title:huawei-sa-20200422-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en

Trust: 0.8

title:Patch for Huawei Honor V10 Cross-Border Reading Vulnerability (CNVD-2020-27114)url:https://www.cnvd.org.cn/patchInfo/show/216731

Trust: 0.6

title:Huawei Honor V10 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116734

Trust: 0.6

title:Huawei Security Advisories: Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphonesurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=710862441ad85228271816b080be03e9

Trust: 0.1

sources: CNVD: CNVD-2020-27114 // VULMON: CVE-2020-1805 // JVNDB: JVNDB-2020-004907 // CNNVD: CNNVD-202004-1967

EXTERNAL IDS

db:NVDid:CVE-2020-1805

Trust: 3.1

db:JVNDBid:JVNDB-2020-004907

Trust: 0.8

db:CNVDid:CNVD-2020-27114

Trust: 0.6

db:CNNVDid:CNNVD-202004-1967

Trust: 0.6

db:VULMONid:CVE-2020-1805

Trust: 0.1

sources: CNVD: CNVD-2020-27114 // VULMON: CVE-2020-1805 // JVNDB: JVNDB-2020-004907 // CNNVD: CNNVD-202004-1967 // NVD: CVE-2020-1805

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-1805

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1805

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200422-02-smartphone-cn

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-27114 // VULMON: CVE-2020-1805 // JVNDB: JVNDB-2020-004907 // CNNVD: CNNVD-202004-1967 // NVD: CVE-2020-1805

SOURCES

db:CNVDid:CNVD-2020-27114
db:VULMONid:CVE-2020-1805
db:JVNDBid:JVNDB-2020-004907
db:CNNVDid:CNNVD-202004-1967
db:NVDid:CVE-2020-1805

LAST UPDATE DATE

2024-11-23T22:05:40.647000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-27114date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-1805date:2020-05-01T00:00:00
db:JVNDBid:JVNDB-2020-004907date:2020-06-02T00:00:00
db:CNNVDid:CNNVD-202004-1967date:2020-05-06T00:00:00
db:NVDid:CVE-2020-1805date:2024-11-21T05:11:24.850

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-27114date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-1805date:2020-04-27T00:00:00
db:JVNDBid:JVNDB-2020-004907date:2020-06-02T00:00:00
db:CNNVDid:CNNVD-202004-1967date:2020-04-22T00:00:00
db:NVDid:CVE-2020-1805date:2020-04-27T15:15:12.970