Unrated severity · NVD Advisory · Published Jan 13, 2021 · Updated Aug 4, 2024

CVE-2020-1866

Description

There is an out-of-bounds read vulnerability in several products. The software reads data past the end of the intended buffer when parsing certain crafted DHCP messages. Successful exploitation could cause certain services to behave abnormally. Affected product versions include: NIP6800 versions V500R001C30, V500R001C60SPC500, V500R005C00; S12700 versions V200R008C00; S2700 versions V200R008C00; S5700 versions V200R008C00; S6700 versions V200R008C00; S7700 versions V200R008C00; S9700 versions V200R008C00; Secospace USG6600 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00; USG9500 versions V500R001C30SPC300, V500R001C30SPC600, V500R001C60SPC500, V500R005C00.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in Huawei NIP6800, S-series switches, and USG firewalls allows a crafted DHCP message to cause service disruption.

Vulnerability

An out-of-bounds read vulnerability exists in several Huawei products when parsing certain crafted DHCP messages. The software reads data beyond the intended buffer, leading to abnormal service behavior. Affected versions include NIP6800 V500R001C30, V500R001C60SPC500, V500R005C00; S12700 V200R008C00; S2700 V200R008C00; S5700 V200R008C00; S6700 V200R008C00; S7700 V200R008C00; S9700 V200R008C00; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00; and USG9500 V500R001C30SPC300, V500R001C30SPC600, V500R001C60SPC500, V500R005C00 [1].

Exploitation

An attacker with network access to the affected device can send a specially crafted DHCP message to trigger the out-of-bounds read. No authentication is required, as DHCP messages are typically processed without prior authentication [1]. The attack does not require user interaction.

Impact

Successful exploitation can cause abnormal service behavior, potentially leading to a denial of service (DoS) condition. The vulnerability is limited to causing a service disruption and does not allow arbitrary code execution or data leakage [1].

Mitigation

Huawei has released software updates to fix the vulnerability. Resolved versions include NIP6800 V500R005C20SPC300; S12700 V200R013C00SPC500; S2700, S5700, S6700, S7700, S9700 all upgraded to V200R013C00SPC500; Secospace USG6600 V500R005C20SPC300; and USG9500 V500R005C20SPC300. The advisory was initially released on 2020-01-22 and last updated on 2020-12-30 [1]. Users should apply the recommended updates.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
