CVE-2020-1785

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 66.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Honor 10 Firmware Huawei Honor V10 Firmware Huawei Mate 10 PRO Firmware +1 more

Timeline

PublishedJan 3

Latest updateMay 24

Description

Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDhuawei/honor_10_firmware< 9.1.0.350\(c10e5r1p14t8\)+4

▶NVDhuawei/honor_v10_firmware< 9.1.0.333\(c00e333r2p1t8\)+2

▶NVDhuawei/nova_4_firmware< 9.1.0.225\(c636e1r4p1\)

▶NVDhuawei/mate_10_pro_firmware< 9.1.0.321\(c605e4r1p13t8\)+2

🔴Vulnerability Details

GHSA

GHSA-88vp-h6f8-j263: Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability↗2022-05-24

▶

CVEList

CVE-2020-1785: Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability↗2020-01-03

▶