CVE-2020-9247

EPSS 0.8%CWE-120

There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.

Produtos afetados

Huawei · Hima-L29C Huawei · HONOR 20 PRO Huawei · HUAWEI Mate 20 Huawei · HUAWEI Mate 20 Pro Huawei · HUAWEI Mate 20 X Huawei · HUAWEI P30 Huawei · HUAWEI P30 Pro Huawei · Laya-AL00EP Huawei · Princeton-AL10B Huawei · Tony-AL00B Huawei · Yale-L61A Huawei · YaleP-AL10B Huawei · Yale-TL00B

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200729-03-smartphone-en