Auth bypass in Huawei Mate_30
CVE-2020-1801
There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause information d…
Vulnerability class: Broken Authentication
EPSS: 0.006 (43.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.
Affected products
- Huawei Mate_30
- Huawei Mate_30_firmware
- Huawei Mate_30_pro
- Huawei Mate_30_pro_firmware
- N/a Mate 30 Pro;mate — versions Versions earlier than 10.0.0.205(C00E202R7P2), Versions earlier than 10.0.0.205(C00E201R7P2)
Weakness classification (CWE)
References
- psirt@huawei.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-1801?
- CVE-2020-1801 is a medium-severity vulnerability in Huawei Mate_30, classified under Improper Authentication. CVSS score: 5.5/10. Published 2020-04-10.
- How severe is CVE-2020-1801?
- Medium severity. CVSS v3 base score is 5.5 out of 10.