Description
Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-01-buffer-en
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
47.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-120
Status
published
Products (50)
huawei/ar120-s_firmware
v200r006c10
huawei/ar120-s_firmware
v200r007c00
huawei/ar120-s_firmware
v200r008c20
huawei/ar120-s_firmware
v200r008c50
huawei/ar1200-s_firmware
v200r003c01
huawei/ar1200-s_firmware
v200r005c20
huawei/ar1200-s_firmware
v200r006c10
huawei/ar1200-s_firmware
v200r007c00
huawei/ar1200-s_firmware
v200r008c20
huawei/ar1200-s_firmware
v200r008c50
... and 40 more
Published
Jan 03, 2020
Tracked Since
Feb 18, 2026