Main Vulnerability Database Vulnerabilities #VU26733

#VU26733 Improper validation of integrity check value in Huawei products - CVE-2020-1802

Published: April 9, 2020

Vulnerability identifier: #VU26733

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-1802

CWE-ID: CWE-354

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
OSCA-550
OSCA-550A
OSCA-550AX
OSCA-550X

Software vendor:
Huawei

Description

The vulnerability allows a local attacker to gain unauthorized access to the target device.

The vulnerability exists due to the affected device does not sufficiently validate the integrity of certain file in certain loading processes. An attacker with physical access can load a specially crafted file to the device through USB and gain access to the device.

Remediation

Install updates from vendor's website.

External links

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-osca-en

#VU26733 Improper validation of integrity check value in Huawei products - CVE-2020-1802

Description

Remediation

External links

Please verify you're human