1. Home
  2. CVE Database
  3. CVE-2020-36602
MEDIUM · 6.1

CVE-2020-36602

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends t...

Vulnerability Description

There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
Huawei576Up005 Hota-Cm-H-Shark-Bd Firmware1.0.0.576
Huawei576Up005 Hota-Cm-H-Shark-Bd-
Huawei577Hota-Cm-H-Shark-Bd Firmware1.0.0.577
Huawei577Hota-Cm-H-Shark-Bd-
Huawei581Up-Hota-Cm-H-Shark-Bd Firmware1.0.0.581
Huawei581Up-Hota-Cm-H-Shark-Bd-
Huawei586-Hota-Cm-H-Shark-Bd Firmware1.0.0.586
Huawei586-Hota-Cm-H-Shark-Bd-
Huawei588-Hota-Cm-H-Shark-Bd Firmware1.0.0.588
Huawei588-Hota-Cm-H-Shark-Bd-
Huawei606-Hota-Cm-H-Shark-Bd Firmware1.0.0.606
Huawei606-Hota-Cm-H-Shark-Bd-
HuaweiBi-Acc-Report Firmware1.0.0.1
HuaweiBi-Acc-Report-
HuaweiCm-H-Shark-Bd Firmware1.0.0.66\(vn2-sp11\)
HuaweiCm-H-Shark-Bd-

Related Weaknesses (CWE)

CWE-787CWE-125

References

FAQ

What is CVE-2020-36602?

CVE-2020-36602 is a vulnerability with a CVSS score of 6.1 (MEDIUM). There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends t...

How severe is CVE-2020-36602?

CVE-2020-36602 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-36602?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei 576Up005 Hota-Cm-H-Shark-Bd Firmware, Huawei 576Up005 Hota-Cm-H-Shark-Bd, Huawei 577Hota-Cm-H-Shark-Bd Firmware, Huawei 577Hota-Cm-H-Shark-Bd, Huawei 581Up-Hota-Cm-H-Shark-Bd Firmware.