CVE-2020-9102
Description
There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local information disclosure vulnerability in Huawei CloudEngine switches due to improper username management.
Vulnerability
A local information leak vulnerability exists in Huawei CloudEngine series switches due to improper management of the username. Affected versions include CloudEngine 12800 (V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800), CloudEngine 5800 (V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800), CloudEngine 6800 (V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800), and CloudEngine 7800 (V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800), as well as CloudEngine 16800 (V200R005C20SPC800, V200R019C00SPC800) [1].
Exploitation
An attacker with local access to an affected device can trigger the vulnerability to cause the username information to leak [1]. The exact exploitation steps are not detailed in the available references.
Impact
Successful exploitation allows a local attacker to obtain username information from the device [1], potentially aiding in further targeted attacks. The vulnerability leads to information disclosure.
Mitigation
Huawei released software updates to fix this vulnerability. The resolved versions are: CloudEngine 16800 (V200R019C10SPC800), CloudEngine 12800 (V200R005C10SPC800+V200R005SPH023), and CloudEngine 5800/6800/7800 (upgrade to V200R005C10SPC800+V200R005SPH023 or later) [1]. Users should upgrade to the fixed versions.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7- Range: V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800
- Range: V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800
- Range: V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800
- Range: V200R002C50SPC800
- Range: V200R002C50SPC800
- Range: V200R002C50SPC800
- Range: V200R002C50SPC800
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-03-informationleak-enmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.