CVE-2020-9209

Name: CVE-2020-9209
Creator: NVD / NIST
Published: 2021-01-13T23:15:13.807+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.7/10EPSS 0.21%

Last modified Jun 17, 2026

CVE-2020-9209 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. EPSS estimates a 0.21% chance of exploitation in the next 30 days.

Description

There is a privilege escalation vulnerability in SMC2.0 product. Some files in a directory of a module are located improperly. It does not apply the directory limitation. Attackers can exploit this vulnerability by crafting malicious file to launch privilege escalation. This can compromise normal service of affected products.

Metrics

CVSS 3.1

6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.21%

11.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-862

Affected Software

Vendor	Product	Versions
Huawei	Smc2.0 Firmware	v600r006c00spc700
Huawei	Smc2.0 Firmware	v600r006c00spc800
Huawei	Smc2.0 Firmware	v600r006c10spc500
Huawei	Smc2.0 Firmware	v600r006c10spc600
Huawei	Smc2.0 Firmware	v600r006c10spc601
Huawei	Smc2.0 Firmware	v600r006c10spc602
Huawei	Smc2.0 Firmware	v600r006c10spc700
Huawei	Smc2.0 Firmware	v600r006c10spc800
Huawei	Smc2.0 Firmware	v600r006c10spca00
Huawei	Smc2.0 Firmware	v600r006c10spcb00
Huawei	Smc2.0 Firmware	v600r006c10spcc00
Huawei	Smc2.0 Firmware	v600r006c10spcd00
Huawei	Smc2.0 Firmware	v600r006c10spce00
Huawei	Smc2.0 Firmware	v600r019c00
Huawei	Smc2.0 Firmware	v600r019c10

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-enVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-01-pe-enVendor Advisory

Timeline

Published: Jan 13, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-9209?

How severe is CVE-2020-9209?

CVE-2020-9209 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.21% probability of exploitation in the next 30 days.

How do I fix CVE-2020-9209?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-9209?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST