CVE-2020-1812Improper Authentication in Huawei P30 Firmware

CWE-287Improper Authentication3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 87.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei P30 FirmwareHuawei P30
Timeline
PublishedFeb 18
Latest updateMay 24

Description

HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/p30_firmware< 10.0.0.173\(c00e73r1p11\)
CVEListV5huawei/huawei_p30Versions earlier than 10.0.0.173(C00E73R1P11)

🔴Vulnerability Details

2
GHSA
GHSA-vf7f-rm6p-4f56: HUAWEI P30 smartphones with versions earlier than 102022-05-24
CVEList
CVE-2020-1812: HUAWEI P30 smartphones with versions earlier than 102020-02-18
CVE-2020-1812 — Improper Authentication in Huawei | cvebase