CVE-2020-9235Improper Input Validation in Huawei Honor 20 PRO Firmware

CWE-20Improper Input ValidationCWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 90.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Huawei Honor 20 PRO FirmwareHuawei Honor View 20 FirmwareHuawei Oxfords-an00a Firmware+7 more
Timeline
PublishedSep 3
Latest updateMay 24

Description

Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1);Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3);Versions earlier than 10.1.0.212(C00E210R5P1);Versions earlier than 10.1.0.160(C00E160R2P11);Versions earlier

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

NVDhuawei/honor_20_pro_firmware< 10.1.0.230\(c432e9r5p1\)+3
NVDhuawei/honor_view_20_firmware< 10.1.0.212\(c432e10r3p4\)+3
NVDhuawei/yale-l21a_firmware< 10.1.0.230\(c432e9r5p1\)+2
NVDhuawei/yale-l61a_firmware< 10.1.0.225\(c431e3r1p2\)+1
NVDhuawei/tony-al00b_firmware< 10.1.0.160\(c00e160r2p11\)

🔴Vulnerability Details

2
GHSA
GHSA-46w2-3f5r-88m4: Huawei smartphones HONOR 20 PRO Versions earlier than 102022-05-24
CVEList
CVE-2020-9235: Huawei smartphones HONOR 20 PRO Versions earlier than 102020-09-03
CVE-2020-9235 — Improper Input Validation in Huawei | cvebase