Taurus Al00A Firmware
CVE-2020-9087
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak.
AnalysisAI
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. An authenticated, local attacker may perform a specific operation to exploit this vulnerability. Due to insufficient validation of the parameters, which may be exploited to cause information leak. Affected products include: Huawei Taurus-Al00A Firmware. Version information: version 10.0.0.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Taurus Al00A Firmware
View allSome Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Rated high severity (CVSS 7.5),
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). Rated high severity (CVSS 7.1), this vu
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). Rated medium severity (CVSS 5.5),
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). Rated low severity (CVSS 3.3), this vulnera
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). Rated low severity (CVSS 3.3), this vu
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today