CVE-2020-9247: Buffer Overflow
First published: Mon Dec 07 2020(Updated: )
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei Honor 20 Pro Firmware | <10.1.0.230\(c432e9r5p1\) | |
| Huawei HONOR 20 PRO | ||
| Huawei Mate 20 Firmware | <10.1.0.160\(c00e160r3p8\) | |
| HUAWEI Mate 20 | ||
| Huawei Mate 20 Pro Firmware | <10.1.0.270\(c432e7r1p5\) | |
| HUAWEI Mate 20 Pro | ||
| Huawei Mate 20 X Firmware | <10.1.0.160\(c00e160r2p8\) | |
| HUAWEI Mate 20 X | ||
| Huawei P30 Firmware | =9.1.0.272\(c635e4r2p2\) | |
| HUAWEI P30 | ||
| Huawei P30 Pro Firmware | <10.1.0.160\(c00e160r2p8\) | |
| HUAWEI P30 Pro | ||
| Google Android | <10.1.0.273\(c185e5r2p4\) | |
| Huawei Hima-l29c | ||
| Huawei Laya-al00ep Firmware | <10.1.0.160\(c786e160r3p8\) | |
| Huawei Laya-al00ep | ||
| Huawei Princeton-al10b Firmware | <10.1.0.160\(c00e160r2p11\) | |
| Huawei Princeton-al10b | ||
| Huawei Tony-al00b Firmware | <10.1.0.160\(c00e160r2p11\) | |
| Huawei Tony-al00b | ||
| Huawei Yale-l61a Firmware | <10.1.0.225\(c432e3r1p2\) | |
| Huawei Yale-l61a | ||
| Huawei Yale-tl00b Firmware | <10.1.0.160\(c01e160r8p12\) | |
| Huawei Yale-tl00b | ||
| Huawei Yalep-al10b Firmware | <10.1.0.160\(c00e160r8p12\) | |
| Huawei Yalep-al10b | ||
| Huawei Honor 20 Pro Firmware | <10.1.0.231\(c10e3r3p2\) | |
| Huawei Mate 20 Pro Firmware | <10.1.0.270\(c635e3r1p5\) | |
| Huawei Mate 20 Pro Firmware | <10.1.0.273\(c185e7r2p4\) | |
| Huawei Mate 20 Pro Firmware | <10.1.0.273\(c636e7r2p4\) | |
| Huawei Mate 20 Pro Firmware | <10.1.0.277\(c10e7r2p4\) | |
| Huawei Mate 20 Pro Firmware | <10.1.0.277\(c605e7r1p5\) | |
| Huawei P30 Firmware | <10.1.0.123\(c432e22r2p5\) | |
| Huawei P30 Firmware | <10.1.0.126\(c10e7r5p1\) | |
| Huawei P30 Firmware | <10.1.0.126\(c185e4r7p1\) | |
| Huawei P30 Firmware | <10.1.0.126\(c605e19r1p3\) | |
| Huawei P30 Firmware | <10.1.0.126\(c636e5r3p4\) | |
| Huawei P30 Firmware | <10.1.0.126\(c636e7r3p4\) | |
| Google Android | <10.1.0.273\(c636e5r2p4\) | |
| Google Android | <10.1.0.275\(c10e4r2p4\) | |
| Huawei Yale-l61a Firmware | <10.1.0.226\(c10e3r1p1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei honor 20 pro firmware
- canonical/huawei honor 20 pro
- canonical/huawei mate 20 firmware
- canonical/huawei mate 20
- canonical/huawei mate 20 pro firmware
- canonical/huawei mate 20 pro
- canonical/huawei mate 20 x firmware
- canonical/huawei mate 20 x
- canonical/huawei p30 firmware
- version/huawei p30 firmware/9.1.0.272\(c635e4r2p2\)
- canonical/huawei p30
- canonical/huawei p30 pro firmware
- canonical/huawei p30 pro
- canonical/google android
- canonical/huawei hima-l29c
- canonical/huawei laya-al00ep firmware
- canonical/huawei laya-al00ep
- canonical/huawei princeton-al10b firmware
- canonical/huawei princeton-al10b
- canonical/huawei tony-al00b firmware
- canonical/huawei tony-al00b
- canonical/huawei yale-l61a firmware
- canonical/huawei yale-l61a
- canonical/huawei yale-tl00b firmware
- canonical/huawei yale-tl00b
- canonical/huawei yalep-al10b firmware
- canonical/huawei yalep-al10b