Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-1792

Опубликовано: 28 фев. 2020
Источник: nvd
CVSS3: 5.5
CVSS2: 7.1
EPSS Низкий

Описание

Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*
Версия до bkl-al20_10.0.0.156\(c00e156r2p4\) (исключая)
cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:huawei:honor_v10_firmware:*:*:*:*:*:*:*:*
Версия до bkl-l09_10.0.0.146\(c432e4r1p4\) (исключая)
cpe:2.3:h:huawei:honor_v10:-:*:*:*:*:*:*:*

EPSS

Процентиль: 34%
0.00137
Низкий

5.5 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

github логотип

GHSA-838v-88q9-7fmf

github
больше 3 лет назад

Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability. The software writes data past the end of the intended buffer because of insufficient validation of certain parameter when initializing certain driver program. An attacker could trick the user into installing a malicious application, successful exploit could cause the device to reboot.

EPSS

Процентиль: 34%
0.00137
Низкий

5.5 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-787