CVE-2020-1798Improper Authentication in Huawei P30 Firmware

CWE-287Improper Authentication3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.0%
top 93.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P30 FirmwareHuawei P30
Timeline
PublishedMay 29
Latest updateMay 24

Description

HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/p30_firmware< 10.1.0.135\(c00e135r2p11\)
CVEListV5huawei/huawei_p30Versions earlier than 10.1.0.135(C00E135R2P11)

🔴Vulnerability Details

2
GHSA
GHSA-9wq4-fm8p-3j73: HUAWEI P30 smartphones with versions earlier than 102022-05-24
CVEList
CVE-2020-1798: HUAWEI P30 smartphones with versions earlier than 102020-05-29
CVE-2020-1798 — Improper Authentication in Huawei | cvebase