In some headsets, the vulnerability may be exploited to cause out-of-bounds access. In other headsets, the vulnerability may be exploited to cause out-of-bounds access. In some headsets, the vulnerability may be exploited to cause an out-of-bounds read. An unauthenticated attacker may send a malformed message with a specific parameter to get the device physically. An attacker may craft a malformed message with a specific parameter to get the device physically and craft a malformed message with a specific parameter to cause out-of-bounds access. An attacker may craft a malformed message with a specific parameter to cause an out-of-bounds read. An attacker may craft a malformed message with a specific parameter to cause an out-of-bounds write.

New vulnerability found after Patch Tuesday

A new vulnerability, designated CVE-2020-36602, was found on some HTC headsets after Patch Tuesday last week. The exploit impacts HMD models of Vive, Focus, and Vivo that have been updated with the firmware version 1.38 updater app. It allows an attacker to send malformed messages with a specific parameter to cause out-of-bounds access or write.
The vulnerability affects all non-secure devices running the vulnerable system software versions below:

Firmware Versions:
1.31.2514 / 1.34.3228 / 1.36a817x / 1.37 update 3 (v1)

Timeline

Published on: 09/20/2022 20:15:00 UTC
Last modified on: 09/22/2022 13:29:00 UTC

References