Information disclosure in Some Huawei Products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-9069 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Huawei Anne-AL00 Client/Desktop applications / Multimedia software Huawei Berkeley-L09 Client/Desktop applications / Multimedia software Huawei Honor 10 Lite Client/Desktop applications / Multimedia software Huawei CD16-10 Hardware solutions / Routers for home users Huawei CD17-10 Hardware solutions / Routers for home users Huawei CD17-16 Hardware solutions / Routers for home users Huawei CD18-10 Hardware solutions / Routers for home users Huawei CD18-16 Hardware solutions / Routers for home users Huawei WS5200-11 Hardware solutions / Routers for home users Huawei WS5200-12 Hardware solutions / Routers for home users Huawei WS5200-16 Hardware solutions / Routers for home users Huawei WS5200-17 Hardware solutions / Routers for home users Huawei WS6500-10 Hardware solutions / Routers for home users Huawei WS6500-16 Hardware solutions / Routers for home users Huawei Columbia-TL00B Hardware solutions / Firmware Huawei LelandP-L22A Hardware solutions / Firmware Huawei TC5200-16 Hardware solutions / Firmware Huawei WS5800-10 Hardware solutions / Firmware Huawei E6878-370 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Huawei |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Information disclosure
EUVDB-ID: #VU28129
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-9069
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker on the local network can decrypt data and gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei Anne-AL00: All versions
Huawei Berkeley-L09: All versions
Huawei CD16-10: All versions
Huawei CD17-10: All versions
Huawei CD17-16: All versions
Huawei CD18-10: All versions
Huawei CD18-16: All versions
Huawei Columbia-TL00B: All versions
Huawei E6878-370: All versions
Huawei Honor 10 Lite: All versions
Huawei LelandP-L22A: All versions
Huawei TC5200-16: All versions
Huawei WS5200-11: All versions
Huawei WS5200-12: All versions
Huawei WS5200-16: All versions
Huawei WS5200-17: All versions
Huawei WS5800-10: All versions
Huawei WS6500-10: All versions
Huawei WS6500-16: All versions
CPE2.3- cpe:2.3:a:huawei:huawei_anne-al00:*:*:*:*:*:*:*:*
- cpe:2.3:a:huawei:huawei_berkeley-l09:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:cd16-10:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:cd17-10:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_cd17-16:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:cd18-10:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_cd18-16:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_columbia-tl00b:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_e6878-370:*:*:*:*:*:*:*:*
- cpe:2.3:a:huawei:huawei_honor_10_lite:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_lelandp-l22a:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_tc5200-16:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:ws5200-11:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_ws5200-12:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_ws5200-16:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_ws5200-17:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_ws5800-10:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:ws6500-10:*:*:*:*:*:*:*:*
- cpe:2.3:h:huawei:huawei_ws6500-16:*:*:*:*:*:*:*:*
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200520-01-leakage-en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
