10.0.3.1(H563Sp1C233)

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

huawei

CWE-787

NVD

Published: 2020-05-29

Updated: 2020-06-02

Summary

E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the adjacent network could send a crafted message, successful exploit could lead to stack buffer overflow which may cause malicious code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei E6878 370 Firmware 10.0.3.1\(H557Sp27C233\) Huawei E6878 370 Firmware 10.0.3.1\(H563Sp1C233\)	2
Hardware	Huawei Huawei E6878 370 -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-stack-en