Taurus Al00A Firmware
CVE-2020-9093
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service.
AnalysisAI
There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service. Affected products include: Huawei Taurus-Al00A Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
More in Taurus Al00A Firmware
View allSome Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Rated high severity (CVSS 7.5),
There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). Rated high severity (CVSS 7.1), this vu
Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vulnerability in XFRM module. Rated medium severity (
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). Rated low severity (CVSS 3.3), this vulnera
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). Rated low severity (CVSS 3.3), this vu
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today