CVE-2020-9118

06.02.2021, 02:15

There is an insufficient integrity check vulnerability in Huawei Sound X Product. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. Affected product versions include:AIS-BW80H-00 versions 9.0.3.1(H100SP13C00),9.0.3.1(H100SP18C00),9.0.3.1(H100SP3C00),9.0.3.1(H100SP9C00),9.0.3.2(H100SP1C00),9.0.3.2(H100SP2C00),9.0.3.2(H100SP5C00),9.0.3.2(H100SP8C00),9.0.3.3(H100SP1C00).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
huawei	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
huawei	ais-bw80h-00_firmware	9.0.3.1\(h100sp3c00\)
huawei	ais-bw80h-00_firmware	9.0.3.1\(h100sp9c00\)
huawei	ais-bw80h-00_firmware	9.0.3.1\(h100sp13c00\)
huawei	ais-bw80h-00_firmware	9.0.3.1\(h100sp18c00\)
huawei	ais-bw80h-00_firmware	9.0.3.2\(h100sp1c00\)
huawei	ais-bw80h-00_firmware	9.0.3.2\(h100sp2c00\)
huawei	ais-bw80h-00_firmware	9.0.3.2\(h100sp5c00\)
huawei	ais-bw80h-00_firmware	9.0.3.2\(h100sp8c00\)
huawei	ais-bw80h-00_firmware	9.0.3.3\(h100sp1c00\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-354 - Improper Validation of Integrity Check Value
The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-ais-en