Vulnerabilities > CVE-2020-1807 - Incorrect Authorization vulnerability in Huawei Mate 20 Firmware

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

huawei

CWE-863

NVD

Published: 2020-04-27

Updated: 2021-07-21

Summary

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series of operation in ADB mode.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 20 Firmware - Huawei Mate 20 Firmware 9.0.0.205\(C00E205R2P1\) Huawei Mate 20 Firmware 9.1.0.131\(C00E131R3P1\) Huawei Mate 20 Firmware 9.1.0.139\(C00E133R3P1\) Huawei Mate 20 Firmware 10.0.0.175\(C00E70R3P8\) Huawei Mate 20 Firmware 10.0.0.185\(C00E74R3P8\)	6
Hardware	Huawei Huawei Mate 20 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200422-01-smartphone-en