CVE-2020-1801Improper Authentication in Huawei Mate 30 Firmware

CWE-287Improper AuthenticationCWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 71.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Mate 30 FirmwareHuawei Mate 30 PRO Firmware
Timeline
PublishedApr 10
Latest updateMay 24

Description

There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information disclosure. Affected product versions include:Mate 30 Pro versions Versions earlier than 10.0.0.205(C00E202R7P2);Mate 30 versions Versions earlier than 10.0.0.205(C00E201R7P2).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDhuawei/mate_30_firmware< 10.0.0.205\(c00e201r7p2\)
NVDhuawei/mate_30_pro_firmware< 10.0.0.205\(c00e202r7p2\)

🔴Vulnerability Details

2
GHSA
GHSA-fg35-c4c9-gp8p: There is an improper authentication vulnerability in several smartphones2022-05-24
CVEList
CVE-2020-1801: There is an improper authentication vulnerability in several smartphones2020-04-10
CVE-2020-1801 — Improper Authentication in Huawei | cvebase