CVE-2020-1838Improper Authentication in Huawei Mate 30 PRO Firmware

CWE-287Improper Authentication4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 93.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Huawei Mate 30 PRO Firmware
Timeline
PublishedJul 6
Latest updateMay 24

Description

HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDhuawei/mate_30_pro_firmware< 10.1.0.150\(c00e136r5p3\)

🔴Vulnerability Details

2
GHSA
GHSA-7334-vj9v-548q: HUAWEI Mate 30 Pro with versions earlier than 102022-05-24
CVEList
CVE-2020-1838: HUAWEI Mate 30 Pro with versions earlier than 102020-07-06
CVE-2020-1838 — Improper Authentication in Huawei | cvebase