Vulnerabilities > CVE-2020-9081 - Incorrect Authorization vulnerability in Huawei products

CVSS 6.8 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

huawei

CWE-863

NVD

Published: 2024-12-27

Updated: 2025-01-10

Summary

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 20 Firmware - Huawei Mate 20 Firmware 9.0.0.195\(C01E195R2P1\) Huawei Mate 20 Firmware 9.0.0.205\(C00E205R2P1\) Huawei Mate 20 Firmware 9.1.0.131\(C00E131R3P1\) Huawei Mate 20 Firmware 9.1.0.139\(C00E133R3P1\) Huawei Mate 20 Firmware 10.0.0.175\(C00E70R3P8\) Huawei Mate 20 Firmware 10.0.0.185\(C00E74R3P8\) Huawei Mate 20 Firmware 10.0.0.188\(C00E74R3P8\) Huawei Mate 20 Firmware 10.0.0.195\(C00E74R3P8\) Huawei Mate 20 Firmware 10.0.0.195\(Sp31C00E74R3P8\) Huawei Mate 20 Firmware 10.1.0.160\(C00E160R3P8\) Huawei P30 Firmware - Huawei P30 Firmware 9.1.0.131\(C00E130R1P21\) Huawei P30 Firmware 9.1.0.193 Huawei P30 Firmware 9.1.0.193\(C00E190R2P1\) Huawei P30 Firmware 9.1.0.226\(C00E220R2P1\) Huawei P30 Firmware 9.1.0.272\(C635E4R2P2\) Huawei P30 Firmware 10.0.0.166\(C00E66R1P11\) Huawei P30 Firmware 10.0.0.173\(C00E73R1P11\) Huawei P30 Firmware 10.0.0.185\(C00E85R1P11\) Huawei P30 Firmware 10.0.0.186\(C10E7R5P1\) Huawei P30 Firmware 10.0.0.186\(C461E4R3P1\) Huawei P30 Firmware 10.0.0.188\(C00E85R2P11\) Huawei P30 Firmware 10.0.0.188\(C01E88R2P11\) Huawei P30 Firmware 10.0.0.188\(C605E19R1P3\) Huawei P30 Firmware 10.0.0.190\(C185E4R7P1\) Huawei P30 Firmware 10.0.0.190\(C431E22R2P5\) Huawei P30 Firmware 10.0.0.190\(C432E22R2P5\) Huawei P30 Firmware 10.0.0.190\(C605E19R1P3\) Huawei P30 Firmware 10.0.0.190\(C636E4R3P4\) Huawei P30 Firmware 10.0.0.192\(C635E3R2P4\) Huawei P30 Firmware 10.0.0.195\(C432E22R2P5\) Huawei P30 Firmware 10.0.0.200\(C00E85R2P11\) Huawei P30 Firmware 10.0.0.200\(C461E6R3P1\) Huawei P30 Firmware 10.0.0.201\(C10E7R5P1\) Huawei P30 Firmware 10.0.0.201\(C185E4R7P1\) Huawei P30 Firmware 10.0.0.206\(C605E19R1P3\) Huawei P30 Firmware 10.0.0.209\(C636E6R3P4\) Huawei P30 Firmware 10.0.0.210\(C635E3R2P4\) Huawei P30 Firmware 10.1.0.123\(C431E22R2P5\) Huawei P30 Firmware 10.1.0.123\(C432E22R2P5\) Huawei P30 Firmware 10.1.0.126\(C10E7R5P1\) Huawei P30 Firmware 10.1.0.126\(C185E4R7P1\) Huawei P30 Firmware 10.1.0.126\(C461E7R3P1\) Huawei P30 Firmware 10.1.0.126\(C605E19R1P3\) Huawei P30 Firmware 10.1.0.126\(C636E5R3P4\) Huawei P30 Firmware 10.1.0.126\(C636E7R3P4\) Huawei P30 Firmware 10.1.0.128\(C635E3R2P4\) Huawei P30 Firmware 10.1.0.135\(C00E135R2P11\) Huawei P30 PRO Firmware - Huawei P30 PRO Firmware 9.1.0.186\(C00E180R2P1\) Huawei P30 PRO Firmware 9.1.0.226\(C00E210R2P1\) Huawei P30 PRO Firmware 10.0.0.195\(C00E85R2P8\) Huawei P30 PRO Firmware 10.1.0.123\(C432E19R2P5Patch02\) Huawei P30 PRO Firmware 10.1.0.126\(C10E11R5P1\) Huawei P30 PRO Firmware 10.1.0.135\(C00E135R2P8\) Huawei P30 PRO Firmware 10.1.0.135\(C01E135R2P8\) Huawei P30 PRO Firmware 10.1.0.160\(C00E160R2P8\) Huawei Princeton Al10D Firmware - Huawei Princeton Al10D Firmware 9.1.0.212\(C00E204R2P2\) Huawei Yale Al00A Firmware - Huawei Yale Al00A Firmware 10.0.0.196\(C00E62R8P12\) Huawei Yale Al50A Firmware - Huawei Yalep Al10B Firmware - Huawei Yalep Al10B Firmware 10.0.0.194\(C00E62R8P12\)	65
Hardware	Huawei Huawei Mate 20 - Huawei P30 - Huawei P30 PRO - Huawei Princeton Al10D - Huawei Yale Al00A - Huawei Yale Al50A - Huawei Yalep Al10B -	7

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-15-smartphone-en