Improper Authorization Vulnerability in HUAWEI Mate 20 Smartphones
CVE-2020-1797

2.4LOW

Key Information:

Vendor: Huawei
Status: Huawei Mate 20
Vendor: CVE Published:; 29 May 2020

Summary

An improper authorization vulnerability exists in HUAWEI Mate 20 smartphones running software versions before 10.0.0.185 (C00E74R3P8). This flaw arises from insufficient restrictions on certain operations in ADB mode, enabling an attacker to bypass digital balance limitations. If exploited, this could allow unauthorized users to manipulate the device's settings, leading to potential misuse of functions meant to limit operations. Users are encouraged to update their devices to the latest software version to mitigate risks associated with this vulnerability.

Affected Version(s)

HUAWEI Mate 20 Versions earlier than 10.0.0.185(C00E74R3P8)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 29, 2020
Vulnerability Reserved
Nov 29, 2019