Improper Authorization Vulnerability in HUAWEI Smartphones
CVE-2020-1796

6.6MEDIUM

Key Information:

Vendor: Huawei
Status: Huawei Mate 20;huawei Mate 30 Pro
Vendor: CVE Published:; 20 March 2020

What is CVE-2020-1796?

An improper authorization vulnerability exists in several HUAWEI smartphone models. This issue allows a low privilege user to perform restricted operations that should not be accessible to them. The flaw is due to incorrect authorization checks in the software, which can lead to unauthorized access and manipulation of sensitive functions within the devices. Users of the affected HUAWEI Mate 20 and Mate 30 Pro should consider updating their devices to the latest software versions to mitigate potential risks.

Affected Version(s)

HUAWEI Mate 20;HUAWEI Mate 30 Pro Versions earlier than 10.0.0.188(C00E74R3P8)

HUAWEI Mate 20;HUAWEI Mate 30 Pro Versions earlier than 10.0.0.203(C00E202R7P2)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2020
Vulnerability Reserved
Nov 29, 2019

Huawei

What is CVE-2020-1796?

Affected Version(s)

References

CVSS V3.1

Timeline