cbcvebase.
CVE-2020-1882
published 2020-02-18

CVE-2020-1882: Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI…

medium4.6CVSS 3.1
AVPACLPRNUINSUCNIHAN
Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operations.

Affected

12 ranges
VendorProductVersion rangeFixed in
huaweiever-l29b
huaweiever-l29b
huaweiever-l29b
huaweiever-l29b_firmware< 10.0.0.180\(c185e6r3p3\)10.0.0.180\(c185e6r3p3\)
huaweiever-l29b_firmware< 10.0.0.180\(c432e6r1p7\)10.0.0.180\(c432e6r1p7\)
huaweiever-l29b_firmware< 10.0.0.180\(c636e5r2p3\)10.0.0.180\(c636e5r2p3\)
huaweihonor_magic2
huaweihonor_magic2_firmware< 10.0.0.175\(c00e59r2p11\)10.0.0.175\(c00e59r2p11\)
huaweihuawei_mate_20_rs
huaweihuawei_mate_20_x
huaweimate_20_rs_firmware< 10.0.0.175\(c786e70r3p8\)10.0.0.175\(c786e70r3p8\)
huaweimate_20_x_firmware< 10.0.0.176\(c00e70r2p8\)10.0.0.176\(c00e70r2p8\)