Details of VAR-202012-1404

ID

VAR-202012-1404

CVE

CVE-2020-9125

TITLE

huawei smartphone Mate 30 Out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-014830

DESCRIPTION

There is an out-of-bound read vulnerability in huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally. huawei smartphone Mate 30 Is vulnerable to an out-of-bounds read.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei Mate 30 is a smart phone of China's Huawei. Remote attackers can use this vulnerability to submit special requests and execute arbitrary code in the context of the application

Trust: 2.16

sources: NVD: CVE-2020-9125 // JVNDB: JVNDB-2020-014830 // CNVD: CNVD-2021-05400

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-05400

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 30	scope:	lt	version:	10.1.0.156\(c00e155r7p2\)	Trust: 1.0
vendor:	huawei	model:	mate 30	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	mate 30	scope:	eq	version:	mate 30 firmware 10.1.0.156 (c00e155r7p2)	Trust: 0.8
vendor:	huawei	model:	mate	scope:	eq	version:	30	Trust: 0.6

sources: CNVD: CNVD-2021-05400 // JVNDB: JVNDB-2020-014830 // NVD: CVE-2020-9125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-9125
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-9125
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-05400
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202012-1757
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-9125
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-05400
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-9125
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-9125
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-05400 // JVNDB: JVNDB-2020-014830 // CNNVD: CNNVD-202012-1757 // NVD: CVE-2020-9125

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-014830 // NVD: CVE-2020-9125

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202012-1757

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1757

PATCH

title:	huawei-sa-20201216-01-taurus	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en	Trust: 0.8
title:	Patch for Huawei Mate 30 buffer overflow vulnerability (CNVD-2021-05400)	url:	https://www.cnvd.org.cn/patchInfo/show/245155	Trust: 0.6
title:	Huawei Mate 30 Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138136	Trust: 0.6

sources: CNVD: CNVD-2021-05400 // JVNDB: JVNDB-2020-014830 // CNNVD: CNNVD-202012-1757

EXTERNAL IDS

db:	NVD	id:	CVE-2020-9125	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-014830	Trust: 0.8
db:	CNVD	id:	CNVD-2021-05400	Trust: 0.6
db:	CNNVD	id:	CNNVD-202012-1757	Trust: 0.6

sources: CNVD: CNVD-2021-05400 // JVNDB: JVNDB-2020-014830 // CNNVD: CNNVD-202012-1757 // NVD: CVE-2020-9125

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2020-9125	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-taurus-en	Trust: 1.6

sources: CNVD: CNVD-2021-05400 // JVNDB: JVNDB-2020-014830 // CNNVD: CNNVD-202012-1757 // NVD: CVE-2020-9125

SOURCES

db:	CNVD	id:	CNVD-2021-05400
db:	JVNDB	id:	JVNDB-2020-014830
db:	CNNVD	id:	CNNVD-202012-1757
db:	NVD	id:	CVE-2020-9125

LAST UPDATE DATE

2024-11-23T21:51:06.746000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-05400	date:	2021-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2020-014830	date:	2021-09-01T05:40:00
db:	CNNVD	id:	CNNVD-202012-1757	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-9125	date:	2024-11-21T05:40:06.077

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-05400	date:	2021-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-014830	date:	2021-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202012-1757	date:	2020-12-29T00:00:00
db:	NVD	id:	CVE-2020-9125	date:	2020-12-29T18:15:13.290