Information Exposure Vulnerability in Huawei Smartphones
CVE-2020-9089

3.3LOW

Key Information:

Vendor: Huawei
Status: Huawei P30 Pro
Vendor: CVE Published:; 27 December 2024

Summary

An information exposure vulnerability exists in certain Huawei smartphones where a specific function within a module can be invoked without proper access verification. This weakness allows attackers who already possess user access to potentially exploit the flaw and access sensitive information. The absence of strict access controls may lead to unintentional information disclosure, posing risks to user privacy and security. It is crucial for users of affected devices to remain vigilant and apply security updates provided by Huawei to mitigate this vulnerability.

Affected Version(s)

HUAWEI P30 Pro Versions earlier than 10.1.0.120(C431E19R2P5)

HUAWEI P30 Pro Versions earlier than 10.1.0.120(C432E19R2P5)

HUAWEI P30 Pro Versions earlier than 10.1.0.126(C10E11R5P1)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2024
Vulnerability Reserved
Feb 18, 2020