Improper Authentication Vulnerability in Honor V30 Smartphones by Huawei
CVE-2020-1788

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Honor V30
Vendor: CVE Published:; 21 January 2020

What is CVE-2020-1788?

The Honor V30 smartphones prior to version 10.0.1.135(C00E130R4P1) are affected by an improper authentication vulnerability that undermines the security of certain applications. This flaw allows attackers to impersonate legitimate applications by not adequately verifying their identity when accessing interfaces. Consequently, users can be misled into installing malicious software, which could enable unauthorized actions and lead to critical information disclosure.

Affected Version(s)

Honor V30 Versions earlier than 10.0.1.135(C00E130R4P1)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2020
Vulnerability Reserved
Nov 29, 2019