Improper Authentication Vulnerability in HUAWEI Mate 30 Pro
CVE-2020-1838

5.5MEDIUM

Key Information:

Vendor
Huawei
Vendor
CVE Published:
6 July 2020

Summary

The HUAWEI Mate 30 Pro, prior to version 10.1.0.150(C00E136R5P3), exhibits an improper authentication vulnerability. This weakness arises from the device's inability to adequately validate user face credentials, potentially allowing an attacker to create and employ a crafted credential. Successful exploitation of this vulnerability may enable unauthorized access through the application's authentication mechanism, posing significant security risks.

Affected Version(s)

HUAWEI Mate 30 Pro Versions earlier than 10.1.0.150(C00E136R5P3)

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.