CVE-2020-1882

CWE-863Incorrect Authorization4 documents4 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 94.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Huawei Ever-l29b FirmwareHuawei Honor Magic2 FirmwareHuawei Mate 20 RS Firmware+5 more
Timeline
PublishedFeb 18
Latest updateMay 24

Description

Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3); HUAWEI Mate 20 RS versions earlier than 10.0.0.175(C786E70R3P8); HUAWEI Mate 20 X versions earlier than 10.0.0.176(C00E70R2P8); and Honor Magic2 versions earlier than 10.0.0.175(C00E59R2P11) have an improper authorization vulnerability. Due to improper authorization of some function, attackers can bypass the authorization to perform some operation

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages8 packages

NVDhuawei/ever-l29b_firmware< 10.0.0.180\(c185e6r3p3\)+2
NVDhuawei/mate_20_x_firmware< 10.0.0.176\(c00e70r2p8\)
NVDhuawei/mate_20_rs_firmware< 10.0.0.175\(c786e70r3p8\)
NVDhuawei/honor_magic2_firmware< 10.0.0.175\(c00e59r2p11\)
CVEListV5huawei/ever-l29bearlier than 10.0.0.180(C185E6R3P3), earlier than 10.0.0.180(C432E6R1P7), earlier than 10.0.0.180(C636E5R2P3)+2

🔴Vulnerability Details

2
GHSA
GHSA-979g-pggf-hwp2: Huawei mobile phones Ever-L29B versions earlier than 102022-05-24
CVEList
CVE-2020-1882: Huawei mobile phones Ever-L29B versions earlier than 102020-02-17

💬Community

1
Bugzilla
CVE-2020-26088 kernel: missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c allows local attackers to create raw sockets2020-09-24
CVE-2020-1882 (MEDIUM CVSS 4.6) | Huawei mobile phones Ever-L29B vers | cvebase.io