Improper Authorization in Huawei Smartphones
CVE-2020-9081

6.8MEDIUM

Key Information:

Vendor: Huawei
Status: Huawei Mate 20; Huawei P30; Huawei P30 Pro; Princeton-al10d
Vendor: CVE Published:; 27 December 2024

Summary

An improper authorization vulnerability exists in certain models of Huawei smartphones. This security flaw allows an attacker to execute a series of operations under specific conditions, potentially leading to the ability to bypass app locks. By exploiting this vulnerability, unauthorized access to locked applications could be achieved, compromising user privacy and data security.

Affected Version(s)

HUAWEI Mate 20 Versions earlier than 10.1.0.160(C00E160R3P8)

HUAWEI Mate 20 Versions earlier than 10.1.0.160(C01E160R2P8)

HUAWEI P30 Versions earlier than 10.1.0.160(C00E160R2P11)

References

https://www.huawei.com/en/psirt/security-advisories/2020/...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2024
Vulnerability Reserved
Feb 18, 2020