CVE-2020-1802

MEDIUM

OSCA-550 <1.0.1.23 - Info Disclosure

Title source: llm

Description

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the attacker to load a crafted file to the device through USB.Affected product versions include:OSCA-550 versions 1.0.1.23(SP2);OSCA-550A versions 1.0.1.23(SP2);OSCA-550AX versions 1.0.1.23(SP2);OSCA-550X versions 1.0.1.23(SP2).

References (1)

[Vendor Advisory] https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-osca-en

Scores

CVSS v3 4.6

EPSS 0.0003

EPSS Percentile 8.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-354

Status published

Products (4)

huawei/osca-550_firmware 1.0.1.23\(sp2\)

huawei/osca-550a_firmware 1.0.1.23\(sp2\)

huawei/osca-550ax_firmware 1.0.1.23\(sp2\)

huawei/osca-550x_firmware 1.0.1.23\(sp2\)

Published Apr 10, 2020

Tracked Since Feb 18, 2026