Description
Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X version 1.0.1.21(SP3) have an insufficient verification vulnerability. An attacker can access the device physically and exploit this vulnerability to tamper with device information. Successful exploit may cause service abnormal.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-03-osca-en
Scores
CVSS v3
6.1
EPSS
0.0021
EPSS Percentile
10.9%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Details
Status
published
Products (6)
huawei/hege-560_firmware
1.0.1.21\(sp3\)
huawei/hege-570_firmware
1.0.1.22\(sp3\)
huawei/osca-550_firmware
1.0.1.21\(sp3\)
huawei/osca-550a_firmware
1.0.1.21\(sp3\)
huawei/osca-550ax_firmware
1.0.1.21\(sp3\)
huawei/osca-550x_firmware
1.0.1.21\(sp3\)
Published
Feb 18, 2020
Tracked Since
Feb 18, 2026