CVE-2020-9109

CWE-287Improper AuthenticationCWE-3454 documents4 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 92.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Huawei Laya-al00ep FirmwareHuawei Mate 20 FirmwareHuawei Mate 20 X Firmware+3 more
Timeline
PublishedOct 12
Latest updateMay 24

Description

There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versio

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages6 packages

NVDhuawei/tony-al00b_firmware< 10.1.0.160\(c00e160r2p11\)
NVDhuawei/tony-tl00b_firmware< 10.1.0.160\(c01e160r2p11\)
NVDhuawei/mate_20_firmware< 10.1.0.160\(c00e160r3p8\)+1
NVDhuawei/mate_20_x_firmware< 10.1.0.160\(c00e160r2p8\)+1
NVDhuawei/laya-al00ep_firmware< 10.1.0.160\(c786e160r3p8\)

🔴Vulnerability Details

2
GHSA
GHSA-m44c-p74c-j3j2: There is an information disclosure vulnerability in several smartphones2022-05-24
CVEList
CVE-2020-9109: There is an information disclosure vulnerability in several smartphones2020-10-12

💬Community

1
Bugzilla
CVE-2017-9109 adns: out-of-bounds access when handling apparent answers2020-06-22
CVE-2020-9109 (MEDIUM CVSS 4.6) | There is an information disclosure | cvebase.io