CVE-2020-1809

CWE-200 — Information Exposure9 documents6 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 91.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Mate 10 FirmwareHuawei Huawei Mate 10
Timeline
PublishedMay 29
Latest updateMay 24

Description

HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

â–¶NVDhuawei/mate_10_firmware< 10.0.0.143\(c00e143r2p4\)
â–¶CVEListV5huawei/huawei_mate_10Versions earlier than 10.0.0.143(C00E143R2P4)

🔴Vulnerability Details

2
GHSA
GHSA-cr94-qhhf-h959: HUAWEI Mate 10 smartphones with versions earlier than 10↗2022-05-24
â–¶
CVEList
CVE-2020-1809: HUAWEI Mate 10 smartphones with versions earlier than 10↗2020-05-29
â–¶

💥Exploits & PoCs

4
Exploit-DB
Visitor Management System in PHP 1.0 - SQL Injection (Authenticated)↗2020-10-20
â–¶
Exploit-DB
Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated)↗2020-10-16
â–¶
Exploit-DB
Seat Reservation System 1.0 - Unauthenticated SQL Injection↗2020-10-16
â–¶
Exploit-DB
Visitor Management System in PHP 1.0 - Persistent Cross-Site Scripting↗2020-09-24
â–¶

📋Vendor Advisories

1
Microsoft
.NET Framework Remote Code Execution Vulnerability↗2020-08-11
â–¶
CVE-2020-1809 (MEDIUM CVSS 4.6) | HUAWEI Mate 10 smartphones with ver | cvebase.io