Vulnerabilities > CVE-2020-1797 - Incorrect Authorization vulnerability in Huawei Mate 20 Firmware

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

huawei

CWE-863

NVD

Published: 2020-05-29

Updated: 2021-07-21

Summary

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 20 Firmware - Huawei Mate 20 Firmware 9.0.0.205\(C00E205R2P1\) Huawei Mate 20 Firmware 9.1.0.131\(C00E131R3P1\) Huawei Mate 20 Firmware 9.1.0.139\(C00E133R3P1\) Huawei Mate 20 Firmware 10.0.0.175\(C00E70R3P8\)	5
Hardware	Huawei Huawei Mate 20 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-03-smartphone-en