Information Exposure in Huawei HONOR 20 PRO Due to Input Control Flaw
CVE-2020-9235

5.5MEDIUM

Key Information:

Vendor
Huawei
Status
Honor 20 Pro;honor View 20;oxfords-an00a;princeton-al10b;princeton-al10d;princeton-tl10c;tony-al00b;yale-al00a;yale-l21a;yale-l61a
Vendor
CVE Published:
3 September 2020

Summary

An information exposure vulnerability exists in the Huawei HONOR 20 PRO due to a design error that lacks proper control of input data. This flaw can be exploited by attackers, enabling them to gain unauthorized access to sensitive information, potentially resulting in data leakage. Users of affected versions of the HONOR 20 PRO should ensure they update their devices to the latest software version to mitigate the risk of exploitation. Details regarding the specific versions impacted can be found in the security advisory provided by Huawei.

Affected Version(s)

HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A Versions earlier than 10.1.0.230(C432E9R5P1),Versions earlier than 10.1.0.231(C10E3R3P2),Versions earlier than 10.1.0.231(C185E3R5P1),Versions earlier than 10.1.0.231(C636E3R3P1)

HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A Versions earlier than 10.1.0.212(C432E10R3P4),Versions earlier than 10.1.0.213(C636E3R4P3),Versions earlier than 10.1.0.214(C10E5R4P3),Versions earlier than 10.1.0.214(C185E3R3P3)

HONOR 20 PRO;Honor View 20;OxfordS-AN00A;Princeton-AL10B;Princeton-AL10D;Princeton-TL10C;Tony-AL00B;Yale-AL00A;Yale-L21A;Yale-L61A Versions earlier than 10.1.0.212(C00E210R5P1)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.