Vulnerabilities > CVE-2020-9261 - Type Confusion vulnerability in Huawei Mate 30 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

huawei

CWE-843

NVD

Published: 2020-07-06

Updated: 2020-07-09

Summary

HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running a crafted application, successful exploit could cause code execution.

Vulnerable Configurations

Part	Description	Count
OS	Huawei Huawei Mate 30 Firmware - Huawei Mate 30 Firmware 10.0.0.182\(C00E180R6P2\) Huawei Mate 30 Firmware 10.0.0.203\(C00E201R7P2\) Huawei Mate 30 Firmware 10.0.0.203\(C00E202R7P2\) Huawei Mate 30 Firmware 10.0.0.205\(C00E201R7P2\) Huawei Mate 30 Firmware 10.1.0.126\(C00E125R5P3\)	6
Hardware	Huawei Huawei Mate 30 -	1

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-05-smartphone-en