CVE-2020-9102

LOW

Huawei CloudEngine 12800/5800/6800/7800 Firmware - Information Disclosure via Username Management

Title source: llm

Description

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-informationleak-en

Scores

CVSS v3 3.3

EPSS 0.0002

EPSS Percentile 6.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Status published

Products (21)

huawei/cloudengine_12800_firmware v200r002c50spc800

huawei/cloudengine_12800_firmware v200r003c00spc810

huawei/cloudengine_12800_firmware v200r005c00spc800

huawei/cloudengine_12800_firmware v200r005c10spc800

huawei/cloudengine_12800_firmware v200r019c00spc800

huawei/cloudengine_5800_firmware v200r002c50spc800

huawei/cloudengine_5800_firmware v200r003c00spc810

huawei/cloudengine_5800_firmware v200r005c00spc800

huawei/cloudengine_5800_firmware v200r005c10spc800

huawei/cloudengine_5800_firmware v200r019c00spc800

... and 11 more

Published Jul 17, 2020

Tracked Since Feb 18, 2026