Unrated severity · NVD Advisory · Published Dec 28, 2024 · Updated Dec 28, 2024

CVE-2020-1823

Description

There are multiple out-of-bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol in some Huawei products. A specific decoding function may perform an out-of-bounds read when it processes an incoming data packet. Successful exploitation of these vulnerabilities may disrupt service on the affected device. (Vulnerability IDs: HWPSIRT-2018-12275, HWPSIRT-2018-12276, HWPSIRT-2018-12277, HWPSIRT-2018-12278, HWPSIRT-2018-12279, HWPSIRT-2018-12280 and HWPSIRT-2018-12289)

The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple out-of-bounds read vulnerabilities in Huawei COPS protocol decoding could allow an attacker to cause denial of service on affected devices.

Vulnerability

The Common Open Policy Service (COPS) protocol implementation in several Huawei products contains multiple out-of-bounds read vulnerabilities (HWPSIRT-2018-12275 through HWPSIRT-2018-12280 and HWPSIRT-2018-12289) [1]. The flaw resides in a specific decoding function that processes incoming COPS data packets. Affected products include IPS Module V500R001C30, V500R001C60, V500R005C00, and others listed in the Huawei advisory [1]. The issue occurs when the decoder reads data beyond the allocated buffer boundary.

Exploitation

An attacker can exploit these vulnerabilities by sending a specially crafted COPS packet to an affected device [1]. No authentication or prior access is required if the COPS service is exposed to the network. The out-of-bounds read is triggered during packet parsing when the decoding function attempts to process malformed or oversized fields.
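The advisory does not publish the affected decoding function, so the following is an added example (not Huawei's code and not from the advisory) of the length checks a COPS decoder needs before it reads any field. It assumes the RFC 2748 wire layout; `cops_validate` and the sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* COPS framing per RFC 2748 (assumed here; the advisory gives no layout):
 * common header = ver/flags(1) op(1) client-type(2) message-length(4),
 * object header = length(2) C-Num(1) C-Type(1); lengths include headers. */
#define COPS_HDR_LEN 8u
#define COPS_OBJ_HDR_LEN 4u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: returns the number of well-formed objects, or -1 if
 * any length field would take a read outside the received bytes. */
int cops_validate(const uint8_t *buf, size_t received)
{
    if (buf == NULL || received < COPS_HDR_LEN)
        return -1;                       /* truncated common header */
    uint32_t msg_len = rd32(buf + 4);
    if (msg_len < COPS_HDR_LEN || msg_len > received || (msg_len & 3u))
        return -1;                       /* claimed length vs. bytes on hand */

    size_t off = COPS_HDR_LEN;
    int count = 0;
    while (off < msg_len) {
        if (msg_len - off < COPS_OBJ_HDR_LEN)
            return -1;                   /* no room for an object header */
        size_t obj_len = rd16(buf + off);
        if (obj_len < COPS_OBJ_HDR_LEN)
            return -1;                   /* zero/short length: no progress */
        size_t padded = (obj_len + 3u) & ~(size_t)3u;  /* 4-byte alignment */
        if (padded > msg_len - off)
            return -1;                   /* object overruns the message */
        off += padded;
        count++;
    }
    return count;
}

/* Constructed sample: one 8-byte object inside a 16-byte message. */
const uint8_t cops_ok[16]  = {0x10,1,0,1, 0,0,0,16, 0,8,1,1, 0,0,0,0};
/* Same bytes, but the object claims 0x0100 bytes. */
const uint8_t cops_bad[16] = {0x10,1,0,1, 0,0,0,16, 1,0,1,1, 0,0,0,0};
```

Every subtraction is done on the side already known to be the larger value (`msg_len - off`), so an attacker-chosen length cannot wrap the comparison.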

Impact

Successful exploitation leads to an out-of-bounds read, which can cause the device to crash or become unresponsive, resulting in denial of service (DoS) [1]. The advisory does not indicate code execution or privilege escalation; the primary impact is service disruption.

Mitigation

Huawei has released software updates to fix these vulnerabilities [1]. Affected versions should be upgraded to the resolved versions listed in the advisory (e.g., IPS Module V500R005C20SPC500). The initial release date of the security advisory is 2020-06-03, with the last update on 2020-08-26. No workarounds have been published; applying the patch is the recommended mitigation.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9


References

1
