#VU29341 Input validation error in Changxiang 8 Plus
Vulnerability identifier: #VU29341
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Changxiang 8 Plus
Client/Desktop applications /
Multimedia software
Vendor: Huawei
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the affected device does not properly handle certain message from base station. A remote attacker on the local network can craft a fake base station and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Changxiang 8 Plus: All versions
External links
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200624-01-dos-en
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
