{"id": "CVE-2020-36602", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "
[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2022-09-20T20:15:09.723", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en", "tags": ["Vendor Advisory"], "source": "
[email protected]"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "
[email protected]", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de lectura y escritura fuera de l\u00edmites en algunos productos de auriculares. Un atacante no autenticado obtiene el dispositivo f\u00edsicamente y dise\u00f1a un mensaje malformado con un par\u00e1metro espec\u00edfico y env\u00eda el mensaje a los productos afectados. Debido a una insuficiente comprobaci\u00f3n del mensaje, que puede ser explotado para causar lectura y escritura fuera de l\u00edmites"}], "lastModified": "2025-05-28T16:15:21.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:576up005_hota-cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CD62EE0-E64C-4FF5-8567-2EF3A10F4C7B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:576up005_hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "46D9D107-8AFF-44A8-B9BE-3122F3D9697B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:577hota-cm-h-shark-bd_firmware:1.0.0.577:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27676C44-A16B-47A6-9C11-99DC1E795AC1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:577hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "592046BB-F1E6-4296-817F-0D17A684D58E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:581up-hota-cm-h-shark-bd_firmware:1.0.0.581:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EDB97DC-3A4B-454D-9DEA-AD7A5162F936"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:581up-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B7144AAE-03BA-4ADB-81D0-150A7449EC79"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:586-hota-cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95422749-5574-4106-9BA8-EC87BDEE18D5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:586-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ADDE004F-EBF6-4DBF-9459-5D58550CBF34"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:588-hota-cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5E07AE8-0C69-437B-8CC8-17061600A1B6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:588-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "191C353D-9251-4E17-A8C1-EEFB3D98943B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:606-hota-cm-h-shark-bd_firmware:1.0.0.606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF6250D5-E660-4A07-8CA7-A59F54F2A488"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:606-hota-cm-h-shark-bd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E00B0F4-8959-4909-858B-8EEA64330135"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F008D3C-1BBD-4A69-98D4-315B2A5D92E3"}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0EB4E34-03D0-47B1-8DC6-96EC1BECDDF0"}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB459247-22A8-48AC-B97D-948CAAFCA471"}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FF84D47-BBEE-4004-AA47-E799ED2E1407"}, {"criteria": "cpe:2.3:o:huawei:bi-acc-report_firmware:1.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "267931DA-5398-465B-A149-F32C4B577486"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:bi-acc-report:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C285118-F357-43D6-B9FE-BE1A3E0907F2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp11\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F30D8A50-7540-45E0-96EB-EF1920891744"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp15\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE277CBB-DF9C-4038-8D42-76CA8771A7DE"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp17\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97381235-1F6A-4EC9-A10E-43745F2EE14C"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp21\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9B68556-1AAF-49C5-BFFB-637ED0228431"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp27\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "250E3802-BC17-40A4-A9F1-9CC89204AF50"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp29\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8756F566-6BAD-4CAD-BE60-7555AE0A0D61"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp31\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FB0B5FE-B422-4426-8856-A75A317F8A5B"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.66\\(vn2-sp33\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48B95F08-AEFF-4E97-A7EE-04864B871D0A"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "352B2B08-0A5D-4212-8417-38303E8CFD34"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.116:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7D49229-664A-4042-93F2-A06C371FFCBC"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.202:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6EA61A3-0583-4577-ACDE-583A3280E759"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.208:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9109225-36DA-4042-A31A-94F4A75B4675"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EEF7C64-F872-44A3-8E2C-7104F72804D5"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.226:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FBA91C1-6970-4340-AA35-84A74B632618"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.228:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9EA888A-B3A3-4F68-B7DF-0E167A02D945"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.510:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9C3C896-6EEF-402B-AE02-9607DC6E8BD9"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.520:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AD877AB-DC3C-488F-A735-298B3743CEE3"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.522:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73EE9A4D-AE78-4701-A111-F0B2AFFE7C89"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.566:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB834B04-137F-4BC0-9BF8-EBABFB407ED3"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.576:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92F09872-A718-42A9-90B5-90B8F0E6A489"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.578:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D019742C-A909-42B4-8436-952633863308"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.586:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACDED3D8-B0D5-4191-B0F2-B68B9244B2FE"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.0.0.588:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD1BA004-40B9-43A7-800A-B811036941FD"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.208:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04D960D1-7834-42C5-B357-0487F6E54198"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.216:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB6D1F2-7753-4526-BEF6-49E62684BF87"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.226:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3CD33AE-B7E9-4149-B660-313A7BF1CA53"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.228:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9ABE5A6-A576-48DA-BE6A-049272CE50E8"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.510:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B015ACC9-23B1-4467-AAC9-F4BB25314391"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.520:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B783B038-87A8-4684-94D9-C7682538BF85"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.522:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20FF7586-3714-4960-B69F-497727288225"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.566:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAE41F32-2E8B-42C1-AE6C-BA75DD049CEE"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.578:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE6C797-4BC5-4922-A480-A670C1D5BB55"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.586:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEEEEDC8-3716-49AD-BABF-C26031D70503"}, {"criteria": "cpe:2.3:o:huawei:cm-h-shark-bd_firmware:1.9.0.588:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6249992-4CE2-4515-9C9F-B7A09B2650B1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cm-h-shark-bd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD33F24B-8D65-49B5-8AFD-A86C767346A9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "
[email protected]"}
