CVE-2020-9201
First published: Thu Dec 24 2020(Updated: )
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Nip6800 Firmware | =v500r001c30 | |
| Huawei Nip6800 Firmware | =v500r001c60spc500 | |
| Huawei Nip6800 Firmware | =v500r005c00 | |
| Huawei NIP6800 | ||
| Huawei Secospace Usg6600 Firmware | =v500r001c30spc200 | |
| Huawei Secospace Usg6600 Firmware | =v500r001c30spc600 | |
| Huawei Secospace Usg6600 Firmware | =v500r001c60spc500 | |
| Huawei Secospace Usg6600 Firmware | =v500r005c00 | |
| Huawei Secospace USG6600 | ||
| Huawei Usg9500 Firmware | =v500r001c30spc200 | |
| Huawei Usg9500 Firmware | =v500r001c30spc600 | |
| Huawei Usg9500 Firmware | =v500r001c60spc500 | |
| Huawei Usg9500 Firmware | =v500r005c00 | |
| Huawei USG9500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-9201?
CVE-2020-9201 is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600, and USG9500.
What is the severity of CVE-2020-9201?
The severity of CVE-2020-9201 is medium with a severity value of 6.5.
What software versions are affected by CVE-2020-9201?
The affected software versions include Huawei Nip6800 Firmware v500r001c30, v500r001c60spc500, and v500r005c00, as well as Huawei Secospace Usg6600 Firmware v500r001c30spc200, v500r001c30spc600, and v500r005c00, and Huawei Usg9500 Firmware v500r001c30spc200, v500r001c30spc600, and v500r005c00.
How does CVE-2020-9201 exploit impact the system?
A successful exploit of CVE-2020-9201 could cause certain service abnormalities.
Where can I find more information about CVE-2020-9201?
You can find more information about CVE-2020-9201 on the official Huawei website.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei nip6800 firmware
- version/huawei nip6800 firmware/v500r001c30
- version/huawei nip6800 firmware/v500r001c60spc500
- version/huawei nip6800 firmware/v500r005c00
- canonical/huawei nip6800
- canonical/huawei secospace usg6600 firmware
- version/huawei secospace usg6600 firmware/v500r001c30spc200
- version/huawei secospace usg6600 firmware/v500r001c30spc600
- version/huawei secospace usg6600 firmware/v500r001c60spc500
- version/huawei secospace usg6600 firmware/v500r005c00
- canonical/huawei secospace usg6600
- canonical/huawei usg9500 firmware
- version/huawei usg9500 firmware/v500r001c30spc200
- version/huawei usg9500 firmware/v500r001c30spc600
- version/huawei usg9500 firmware/v500r001c60spc500
- version/huawei usg9500 firmware/v500r005c00
- canonical/huawei usg9500