CVE-2020-9245 — Incorrect Authorization in Huawei P30 Firmware

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei P30 Firmware Huawei P30 PRO Firmware

Timeline

PublishedAug 10

Latest updateMay 24

Description

HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization. The attacker could trick the user installing and executing a malicious application, successful exploit could cause a denial of service condition of PHONE function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/p30_firmware< 10.1.0.160\(c00e160r2p11\)

▶NVDhuawei/p30_pro_firmware< 10.1.0.160\(c00e160r2p8\)

🔴Vulnerability Details

GHSA

GHSA-p2h2-c6c9-9wpx: HUAWEI P30 versions Versions earlier than 10↗2022-05-24

▶

CVEList

CVE-2020-9245: HUAWEI P30 versions Versions earlier than 10↗2020-08-10

▶