Description
Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, and V500R005C00SPC100 have an out-of-bounds read vulnerability. Due to a logical flaw in a JSON parsing routine, a remote, unauthenticated attacker could exploit this vulnerability to disrupt service in the affected products.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200311-01-buffer-en
Scores
CVSS v3
7.5
EPSS
0.0045
EPSS Percentile
63.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (3)
huawei/usg6000v_firmware
v500r001c20spc300
huawei/usg6000v_firmware
v500r003c00spc100
huawei/usg6000v_firmware
v500r005c00spc100
Published
Mar 12, 2020
Tracked Since
Feb 18, 2026