CVE-2020-9247: Buffer Overflow
First published: Mon Dec 07 2020(Updated: )
There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei HONOR 20 PRO | <10.1.0.230\(c432e9r5p1\) | |
| Huawei HONOR 20 PRO | ||
| Huawei Mate 20 RS Firmware | <10.1.0.160\(c00e160r3p8\) | |
| Huawei Mate 20 Pro | ||
| Huawei Mate 20 Pro | <10.1.0.270\(c432e7r1p5\) | |
| Huawei Mate 20 Pro | ||
| Huawei Mate 20 X Firmware | <10.1.0.160\(c00e160r2p8\) | |
| Huawei Mate 20 X Firmware | ||
| Huawei P30 Firmware | =9.1.0.272\(c635e4r2p2\) | |
| HUAWEI P30 | ||
| Huawei P30 Pro Firmware | <10.1.0.160\(c00e160r2p8\) | |
| Huawei P30 Pro Firmware | ||
| Huawei Hima-L29c Firmware | <10.1.0.273\(c185e5r2p4\) | |
| Huawei Hima-L29 | ||
| Huawei Laya-AL00EP | <10.1.0.160\(c786e160r3p8\) | |
| Huawei Laya | ||
| Huawei Princeton-AL10B | <10.1.0.160\(c00e160r2p11\) | |
| Huawei Princeton-AL10B Firmware | ||
| Huawei Tony-AL00b | <10.1.0.160\(c00e160r2p11\) | |
| Huawei Tony-AL00B Firmware | ||
| Huawei Yale-L61a | <10.1.0.225\(c432e3r1p2\) | |
| Huawei Yale-L61a | ||
| Huawei Yale-TL00B | <10.1.0.160\(c01e160r8p12\) | |
| Huawei Yale-TL00B Firmware | ||
| Huawei YaleP-AL10B | <10.1.0.160\(c00e160r8p12\) | |
| Huawei P10 Plus | ||
| Huawei HONOR 20 PRO | <10.1.0.231\(c10e3r3p2\) | |
| Huawei Mate 20 Pro | <10.1.0.270\(c635e3r1p5\) | |
| Huawei Mate 20 Pro | <10.1.0.273\(c185e7r2p4\) | |
| Huawei Mate 20 Pro | <10.1.0.273\(c636e7r2p4\) | |
| Huawei Mate 20 Pro | <10.1.0.277\(c10e7r2p4\) | |
| Huawei Mate 20 Pro | <10.1.0.277\(c605e7r1p5\) | |
| Huawei P30 Firmware | <10.1.0.123\(c432e22r2p5\) | |
| Huawei P30 Firmware | <10.1.0.126\(c10e7r5p1\) | |
| Huawei P30 Firmware | <10.1.0.126\(c185e4r7p1\) | |
| Huawei P30 Firmware | <10.1.0.126\(c605e19r1p3\) | |
| Huawei P30 Firmware | <10.1.0.126\(c636e5r3p4\) | |
| Huawei P30 Firmware | <10.1.0.126\(c636e7r3p4\) | |
| Huawei Hima-L29c Firmware | <10.1.0.273\(c636e5r2p4\) | |
| Huawei Hima-L29c Firmware | <10.1.0.275\(c10e4r2p4\) | |
| Huawei Yale-L61a | <10.1.0.226\(c10e3r1p1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-9247?
CVE-2020-9247 has a critical severity rating due to the potential for exploitation leading to remote code execution.
How do I fix CVE-2020-9247?
To fix CVE-2020-9247, users should update affected Huawei devices to the latest firmware version provided by Huawei.
Which Huawei products are affected by CVE-2020-9247?
CVE-2020-9247 affects multiple Huawei products including the Honor 20 Pro, Mate 20, Mate 20 Pro, P30, and several others.
What causes the CVE-2020-9247 vulnerability?
CVE-2020-9247 is caused by insufficient validation of configuration parameters leading to a buffer overflow.
Can CVE-2020-9247 be exploited remotely?
Yes, CVE-2020-9247 can be exploited remotely if an attacker successfully tricks a user into installing a malicious application.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/huawei
- canonical/huawei honor 20 pro
- canonical/huawei mate 20 rs firmware
- canonical/huawei mate 20 pro
- canonical/huawei mate 20 x firmware
- canonical/huawei p30 firmware
- version/huawei p30 firmware/9.1.0.272\(c635e4r2p2\)
- canonical/huawei p30
- canonical/huawei p30 pro firmware
- canonical/huawei hima-l29c firmware
- canonical/huawei hima-l29
- canonical/huawei laya-al00ep
- canonical/huawei laya
- canonical/huawei princeton-al10b
- canonical/huawei princeton-al10b firmware
- canonical/huawei tony-al00b
- canonical/huawei tony-al00b firmware
- canonical/huawei yale-l61a
- canonical/huawei yale-tl00b
- canonical/huawei yale-tl00b firmware
- canonical/huawei yalep-al10b
- canonical/huawei p10 plus