Description
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker with physical access to the device can craft a malformed message with a specific parameter and send it to the affected products. Because the message is insufficiently validated, this may be exploited to cause an out-of-bounds read and write.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220826-01-outofboundread-en
Scores
CVSS v3
6.1
EPSS
0.0008
EPSS Percentile
22.5%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-125
CWE-787
Status
published
Products (45)
huawei/576up005_hota-cm-h-shark-bd_firmware
1.0.0.576
huawei/577hota-cm-h-shark-bd_firmware
1.0.0.577
huawei/581up-hota-cm-h-shark-bd_firmware
1.0.0.581
huawei/586-hota-cm-h-shark-bd_firmware
1.0.0.586
huawei/588-hota-cm-h-shark-bd_firmware
1.0.0.588
huawei/606-hota-cm-h-shark-bd_firmware
1.0.0.606
huawei/bi-acc-report_firmware
1.0.0.1
huawei/bi-acc-report_firmware
1.0.0.2
huawei/bi-acc-report_firmware
1.0.0.3
huawei/bi-acc-report_firmware
1.0.0.4
... and 35 more
Published
Sep 20, 2022
Tracked Since
Feb 18, 2026