CVE-2020-1840Improper Authentication in Huawei Mate 20 Firmware

CWE-287Improper AuthenticationCWE-352Cross-Site Request Forgery6 documents6 sources
Severity
6.0MEDIUMNVD
GHSA5.0
EPSS
0.1%
top 83.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Mate 20 FirmwareHuawei Mate 20
Timeline
PublishedJan 21
Latest updateMay 24

Description

HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

NVDhuawei/mate_20_firmware10.0.0.175\(c00e70r3p8\)
CVEListV5huawei/huawei_mate_20Versions earlier than 10.0.0.175(C00E70R3P8)

🔴Vulnerability Details

3
GHSA
GHSA-rf3j-pmqj-4m5q: HUAWEI Mate 20 smart phones with versions earlier than 102022-05-24
GHSA
CSRF Vulnerability in rails-ujs2020-07-07
CVEList
CVE-2020-1840: HUAWEI Mate 20 smart phones with versions earlier than 102020-01-21

📋Vendor Advisories

1
Red Hat
rubygem-actionview: CSRF vulnerability in rails-ujs2020-05-18

💬Community

1
Bugzilla
CVE-2020-8167 rubygem-actionview: CSRF vulnerability in rails-ujs2020-06-02
CVE-2020-1840 — Improper Authentication in Huawei | cvebase