Unrated severityNVD Advisory· Published Feb 17, 2020· Updated Aug 4, 2024

CVE-2020-1815

Description

Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory leak in Huawei NIP6800, Secospace USG6600, and USG9500 allows remote attackers to cause denial of service via crafted messages.

Vulnerability

A memory leak vulnerability exists in Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00. The software fails to properly track and release allocated memory when parsing certain messages, leading to progressive memory consumption [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by continuously sending crafted messages to the affected device. No special privileges or user interaction are required. The attacker must have network access to the device’s management or service interfaces that process the malicious messages [1].

Impact

Successful exploitation causes memory exhaustion, leading to a denial of service condition. The device may become unresponsive or crash, disrupting network operations. No data compromise is reported, but service availability is severely impacted [1].

Mitigation

Huawei has released software updates to fix this vulnerability. The recommended fixed version is V500R005C20SPC300 for NIP6800, Secospace USG6600, and USG9500. Users should upgrade to the latest available version as specified in the advisory [1]. No workarounds are documented.

References

Security Advisory - Memory Leak Vulnerability in Some Firewall Products

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Huawei/Secospace USG9500llm-create
Range: V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00
Huawei/NIP6800llm-fuzzy
Range: V500R001C30, V500R001C60SPC500, V500R005C00
Huawei/Secospace USG6600llm-fuzzy
Range: V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00
Huawei/NIP6800v5
Range: V500R001C30
Huawei/Secospace Usg6600 Firmwarecpe-rescue
Range: V500R001C30SPC200

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20200212-02-firewall-enmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000