{"api_version":"1","generated_at":"2026-04-23T09:38:32+00:00","cve":"CVE-2020-9068","urls":{"html":"https://cve.report/CVE-2020-9068","api":"https://cve.report/api/cve/CVE-2020-9068.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-9068","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-9068"},"summary":{"title":"CVE-2020-9068","description":"Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.","state":"PUBLIC","assigner":"psirt@huawei.com","published_at":"2020-04-27 16:15:00","updated_at":"2020-04-30 19:16:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-authentication-en","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-authentication-en","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Advisory - Improper Authentication Vulnerability in Several Huawei Products","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-9068","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9068","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"9068","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"ar3200","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"huawei","cpe5":"ar3200","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r007c00spc900","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r007c00spca00","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r007c00spcb00","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r007c00spcc00","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r009c00spc500","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r007c00spc900","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r007c00spca00","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r007c00spcb00","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r007c00spcc00","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"9068","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"huawei","cpe5":"ar3200_firmware","cpe6":"v200r009c00spc500","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-9068","qid":"43877","title":"Huawei Router Improper Authentication Vulnerability (huawei-sa-20200422-01-authentication-en)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-9068","ASSIGNER":"psirt@huawei.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Huawei","product":{"product_data":[{"product_name":"AR3200","version":{"version_data":[{"version_value":"V200R007C00SPC900"},{"version_value":"V200R007C00SPCa00"},{"version_value":"V200R007C00SPCb00"},{"version_value":"V200R007C00SPCc00"},{"version_value":"V200R009C00SPC500"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Authentication"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-authentication-en","url":"https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-authentication-en"}]},"description":{"description_data":[{"lang":"eng","value":"Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device."}]}},"nvd":{"publishedDate":"2020-04-27 16:15:00","lastModifiedDate":"2020-04-30 19:16:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spc900:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spca00:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spcb00:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:ar3200_firmware:v200r007c00spcc00:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:huawei:ar3200_firmware:v200r009c00spc500:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"9068","Ordinal":"169445","Title":"CVE-2020-9068","CVE":"CVE-2020-9068","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"9068","Ordinal":"1","NoteData":"Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"9068","Ordinal":"2","NoteData":"2020-04-27","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"9068","Ordinal":"3","NoteData":"2020-04-27","Type":"Other","Title":"Modified"}]}}}