ID

VAR-202004-0960


CVE

CVE-2020-1806


TITLE

Huawei Honor V10 Out-of-bounds read vulnerabilities on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2020-004653

DESCRIPTION

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) has three out of bounds vulnerabilities. Certain driver program does not sufficiently validate certain parameters received, that would lead to several bytes out of bound read. Successful exploit may cause information disclosure or service abnormal. This is 3 out of 3 out of bounds vulnerabilities found. Different than CVE-2020-1804 and CVE-2020-1805. This vulnerability is CVE-2020-1804 and CVE-2020-1805 Is a different vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. The vulnerability stems from a driver not fully verifying the received parameters

Trust: 2.25

sources: NVD: CVE-2020-1806 // JVNDB: JVNDB-2020-004653 // CNVD: CNVD-2020-27116 // VULMON: CVE-2020-1806

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-27116

AFFECTED PRODUCTS

vendor:huaweimodel:honor v10scope:ltversion:10.0.0.156\(c00e156r2p4\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:eqversion:10.0.0.156(c00e156r2p4)

Trust: 0.8

vendor:huaweimodel:honor <10.0.0.156scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:honor v10scope:eqversion: -

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.156(c00e156r2p14t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.159(c432e4r1p9t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.0.0.159(c636e3r1p12t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.1.0.333(c00e333r2p1t8)

Trust: 0.1

vendor:huaweimodel:honor v10scope:eqversion:9.1.0.351(c432e5r1p13t8)

Trust: 0.1

sources: CNVD: CNVD-2020-27116 // VULMON: CVE-2020-1806 // JVNDB: JVNDB-2020-004653 // NVD: CVE-2020-1806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1806
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004653
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-27116
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-1966
value: HIGH

Trust: 0.6

VULMON: CVE-2020-1806
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1806
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004653
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-27116
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1806
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004653
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-27116 // VULMON: CVE-2020-1806 // JVNDB: JVNDB-2020-004653 // CNNVD: CNNVD-202004-1966 // NVD: CVE-2020-1806

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.8

sources: JVNDB: JVNDB-2020-004653 // NVD: CVE-2020-1806

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1966

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1966

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004653

PATCH

title:huawei-sa-20200422-02-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en

Trust: 0.8

title:Patch for Huawei Honor V10 Cross-Border Reading Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/216729

Trust: 0.6

title:Huawei Honor V10 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=116733

Trust: 0.6

title:Huawei Security Advisories: Security Advisory - Three Out of Bounds Vulnerabilities in Several Smartphonesurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=710862441ad85228271816b080be03e9

Trust: 0.1

sources: CNVD: CNVD-2020-27116 // VULMON: CVE-2020-1806 // JVNDB: JVNDB-2020-004653 // CNNVD: CNNVD-202004-1966

EXTERNAL IDS

db:NVDid:CVE-2020-1806

Trust: 3.1

db:JVNDBid:JVNDB-2020-004653

Trust: 0.8

db:CNVDid:CNVD-2020-27116

Trust: 0.6

db:CNNVDid:CNNVD-202004-1966

Trust: 0.6

db:VULMONid:CVE-2020-1806

Trust: 0.1

sources: CNVD: CNVD-2020-27116 // VULMON: CVE-2020-1806 // JVNDB: JVNDB-2020-004653 // CNNVD: CNNVD-202004-1966 // NVD: CVE-2020-1806

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2020-1806

Trust: 2.0

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-02-smartphone-en

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1806

Trust: 0.8

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200422-02-smartphone-cn

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-27116 // VULMON: CVE-2020-1806 // JVNDB: JVNDB-2020-004653 // CNNVD: CNNVD-202004-1966 // NVD: CVE-2020-1806

SOURCES

db:CNVDid:CNVD-2020-27116
db:VULMONid:CVE-2020-1806
db:JVNDBid:JVNDB-2020-004653
db:CNNVDid:CNNVD-202004-1966
db:NVDid:CVE-2020-1806

LAST UPDATE DATE

2024-11-23T21:35:54.704000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-27116date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-1806date:2020-04-30T00:00:00
db:JVNDBid:JVNDB-2020-004653date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1966date:2020-05-06T00:00:00
db:NVDid:CVE-2020-1806date:2024-11-21T05:11:24.980

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-27116date:2020-05-08T00:00:00
db:VULMONid:CVE-2020-1806date:2020-04-27T00:00:00
db:JVNDBid:JVNDB-2020-004653date:2020-05-25T00:00:00
db:CNNVDid:CNNVD-202004-1966date:2020-04-22T00:00:00
db:NVDid:CVE-2020-1806date:2020-04-27T15:15:13.017