Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2020-9085 CVE-2020-9086 |
CWE-ID | CWE-476 CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Huawei 4G Router B612 Hardware solutions / Routers & switches, VoIP, GSM, etc |
Vendor | Huawei |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
Updated 27.08.2020
Added vulnerability #2
EUVDB-ID: #VU46078
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9085
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can send specially crafted POST messages and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei 4G Router B612: B612s-25dTCPU-V100R001B192D03SP00C234 - B612s-25dTCPU-V100R001B192D05SP00C00
External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-pointer_en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU46090
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9086
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error. A remote attacker on the local network can send special UPNP message, trigger memory corruption and cause a denial o service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsHuawei 4G Router B612: B612s-25dTCPU-V100R001B192D03SP00C234 - B612s-25dTCPU-V100R001B192D05SP00C00
External linkshttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200826-01-buffer_en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.