CVE-2020-9118

MEDIUM

Huawei Sound X - Code Injection

Title source: llm

Description

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).

References (1)

[Vendor Advisory] https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en

Scores

CVSS v3 6.8

EPSS 0.0001

EPSS Percentile 2.4%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-354

Status published

Products (9)

huawei/ais-bw80h-00_firmware 9.0.3.1\(h100sp3c00\)

huawei/ais-bw80h-00_firmware 9.0.3.1\(h100sp9c00\)

huawei/ais-bw80h-00_firmware 9.0.3.1\(h100sp13c00\)

huawei/ais-bw80h-00_firmware 9.0.3.1\(h100sp18c00\)

huawei/ais-bw80h-00_firmware 9.0.3.2\(h100sp1c00\)

huawei/ais-bw80h-00_firmware 9.0.3.2\(h100sp2c00\)

huawei/ais-bw80h-00_firmware 9.0.3.2\(h100sp5c00\)

huawei/ais-bw80h-00_firmware 9.0.3.2\(h100sp8c00\)

huawei/ais-bw80h-00_firmware 9.0.3.3\(h100sp1c00\)

Published Feb 06, 2021

Tracked Since Feb 18, 2026