First published: Mon Mar 22 2021(Updated: )
There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei Usg9500 Firmware | =v500r005c00spc100 | |
Huawei Usg9500 Firmware | =v500r005c00spc200 | |
Huawei Usg9500 Firmware | =v500r005c20spc300 | |
Huawei Usg9500 Firmware | =v500r005c20spc500 | |
Huawei Usg9500 Firmware | =v500r005c20spc600 | |
Huawei USG9500 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-9212 is a vulnerability in some versions of USG9500 where the device improperly handles information when a user logs in, allowing attackers to perform operations, gain information, and cause information leaks.
The following software versions of USG9500 are affected: v500r005c00spc100, v500r005c00spc200, v500r005c20spc300, v500r005c20spc500, v500r005c20spc600.
CVE-2020-9212 has a severity rating of 6.5 (medium).
An attacker can exploit CVE-2020-9212 by improperly handling information during user login, allowing them to perform malicious operations and gain unauthorized access to information.
It is recommended to update to the latest version of USG9500 firmware to fix CVE-2020-9212. Please refer to the vendor's security advisory (reference link) for more information.