ID

VAR-202008-1045


CVE

CVE-2020-9241


TITLE

Huawei 5G Mobile WiFi E6878-370 Unauthorized authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009457

DESCRIPTION

Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an attacker at WAN side to manage certain service of the device. Huawei 5G Mobile WiFi E6878-370 Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei E6878-370 is a portable 5G router from China's Huawei (Huawei) company. Attackers can use this vulnerability to operate certain business modules

Trust: 2.16

sources: NVD: CVE-2020-9241 // JVNDB: JVNDB-2020-009457 // CNVD: CNVD-2020-46455

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-46455

AFFECTED PRODUCTS

vendor:huaweimodel:e6878-370 10.0.3.1scope: - version: -

Trust: 1.2

vendor:huaweimodel:e6878-370scope:eqversion:10.0.3.1\(h563sp21c233\)

Trust: 1.0

vendor:huaweimodel:e6878-370scope:eqversion:10.0.3.1\(h563sp1c00\)

Trust: 1.0

vendor:huaweimodel:e6878-370scope:eqversion:10.0.3.1(h563sp1c00)

Trust: 0.8

vendor:huaweimodel:e6878-370scope:eqversion:10.0.3.1(h563sp21c233)

Trust: 0.8

sources: CNVD: CNVD-2020-46455 // JVNDB: JVNDB-2020-009457 // NVD: CVE-2020-9241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9241
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009457
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-46455
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202008-672
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-9241
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009457
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-46455
severity: MEDIUM
baseScore: 6.6
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-9241
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-009457
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-46455 // JVNDB: JVNDB-2020-009457 // CNNVD: CNNVD-202008-672 // NVD: CVE-2020-9241

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-863

Trust: 0.8

sources: JVNDB: JVNDB-2020-009457 // NVD: CVE-2020-9241

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-672

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202008-672

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009457

PATCH

title:huawei-sa-20200812-01-authurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en

Trust: 0.8

title:Patch for Huawei E6878-370 improper authorization vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/230782

Trust: 0.6

title:Huawei E6878-370 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126695

Trust: 0.6

sources: CNVD: CNVD-2020-46455 // JVNDB: JVNDB-2020-009457 // CNNVD: CNNVD-202008-672

EXTERNAL IDS

db:NVDid:CVE-2020-9241

Trust: 3.0

db:JVNDBid:JVNDB-2020-009457

Trust: 0.8

db:CNVDid:CNVD-2020-46455

Trust: 0.6

db:CNNVDid:CNNVD-202008-672

Trust: 0.6

sources: CNVD: CNVD-2020-46455 // JVNDB: JVNDB-2020-009457 // CNNVD: CNNVD-202008-672 // NVD: CVE-2020-9241

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200812-01-auth-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-9241

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200812-01-auth-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9241

Trust: 0.8

sources: CNVD: CNVD-2020-46455 // JVNDB: JVNDB-2020-009457 // CNNVD: CNNVD-202008-672 // NVD: CVE-2020-9241

SOURCES

db:CNVDid:CNVD-2020-46455
db:JVNDBid:JVNDB-2020-009457
db:CNNVDid:CNNVD-202008-672
db:NVDid:CVE-2020-9241

LAST UPDATE DATE

2024-11-23T22:37:16.067000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-46455date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009457date:2020-11-06T05:05:41
db:CNNVDid:CNNVD-202008-672date:2021-07-27T00:00:00
db:NVDid:CVE-2020-9241date:2024-11-21T05:40:14.180

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-46455date:2020-08-17T00:00:00
db:JVNDBid:JVNDB-2020-009457date:2020-11-06T05:05:41
db:CNNVDid:CNNVD-202008-672date:2020-08-12T00:00:00
db:NVDid:CVE-2020-9241date:2020-08-17T16:15:14.107