Information disclosure in some Huawei Products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-1810 |
| CWE-ID | CWE-327 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Huawei CloudEngine 12800 Hardware solutions / Firmware Huawei S5700 Hardware solutions / Routers for home users Huawei S6700 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use of a broken or risky cryptographic algorithm
EUVDB-ID: #VU24101
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-1810
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei CloudEngine 12800: V100R003C00SPC600 - V200R005C10
Huawei S5700: V200R005C00SPC500 - V200R012C20
Huawei S6700: V200R005C00SPC500 - V200R012C00SPC710
CPE2.3 External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
