CVE-2020-1866
MEDIUMHuawei Network Products - Out-of-Bounds Read in DHCP Message Parsing
Title source: llmDescription
There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploit could cause certain service abnormal. Affected product versions include:NIP6800 versions V500R001C30,V500R001C60SPC500,V500R005C00;S12700 versions V200R008C00;S2700 versions V200R008C00;S5700 versions V200R008C00;S6700 versions V200R008C00;S7700 versions V200R008C00;S9700 versions V200R008C00;Secospace USG6600 versions V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00;USG9500 versions V500R001C30SPC300,V500R001C30SPC600,V500R001C60SPC500,V500R005C00.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200122-09-eudemon-en
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
12.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (17)
huawei/nip6800_firmware
v500r001c30
huawei/nip6800_firmware
v500r001c60spc500
huawei/nip6800_firmware
v500r005c00
huawei/s12700_firmware
v200r008c00
huawei/s2700_firmware
v200r008c00
huawei/s5700_firmware
v200r008c00
huawei/s6700_firmware
v200r008c00
huawei/s7700_firmware
v200r008c00
huawei/s9700_firmware
v200r008c00
huawei/secospace_usg6600_firmware
v500r001c30spc200
... and 7 more
Published
Jan 13, 2021
Tracked Since
Feb 18, 2026