Improper Input Verification in HUAWEI P30 Smartphones
CVE-2020-9258

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Huawei P30
Vendor: CVE Published:; 10 July 2020

Summary

The HUAWEI P30 smartphones are susceptible to an improper input verification vulnerability in earlier versions than 10.1.0.135(C00E135R2P11). This flaw arises from inadequate setting of attributes in a specific module, allowing attackers with local access to inject malicious fragments. The exploitation of this vulnerability could potentially lead to the leakage of sensitive user information, posing significant privacy risks.

Affected Version(s)

HUAWEI P30 Versions earlier than 10.1.0.135(C00E135R2P11)

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2020
Vulnerability Reserved
Feb 18, 2020