ID

VAR-202001-0898


CVE

CVE-2020-1785


TITLE

plural Huawei Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-001010

DESCRIPTION

Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone. plural Huawei The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei Honor V10 and other products are products of Huawei of China. Huawei Honor V10 is a smartphone product. Huawei Honor 10 is a smartphone product. Mate 10 Pro is a smartphone

Trust: 2.16

sources: NVD: CVE-2020-1785 // JVNDB: JVNDB-2020-001010 // CNVD: CNVD-2020-02948

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02948

AFFECTED PRODUCTS

vendor:huaweimodel:honor <9.1.0.350scope:eqversion:10

Trust: 2.4

vendor:huaweimodel:mate pro <9.1.0.321scope:eqversion:10

Trust: 1.2

vendor:huaweimodel:honor 10scope:ltversion:9.1.0.350\(c10e5r1p14t8\)

Trust: 1.0

vendor:huaweimodel:nova 4scope:ltversion:9.1.0.225\(c636e1r4p1\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:ltversion:9.1.0.351\(c432e5r1p13t8\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:ltversion:9.1.0.333\(c00e333r2p1t8\)

Trust: 1.0

vendor:huaweimodel:mate 10 proscope:ltversion:9.1.0.321\(c605e4r1p13t8\)

Trust: 1.0

vendor:huaweimodel:honor 10scope:ltversion:9.1.0.350\(c461e3r1p11t8\)

Trust: 1.0

vendor:huaweimodel:honor 10scope:ltversion:9.1.0.350\(c636e3r1p13t8\)

Trust: 1.0

vendor:huaweimodel:mate 10 proscope:ltversion:9.1.0.330\(c432e6r1p12t8\)

Trust: 1.0

vendor:huaweimodel:honor 10scope:ltversion:9.1.0.350\(c185e3r1p12t8\)

Trust: 1.0

vendor:huaweimodel:mate 10 proscope:ltversion:9.1.0.321\(c636e4r1p14t8\)

Trust: 1.0

vendor:huaweimodel:honor v10scope:ltversion:9.1.0.350\(c636e4r1p13t8\)

Trust: 1.0

vendor:huaweimodel:honor 10scope:ltversion:9.1.0.351\(c432e5r1p13t8\)

Trust: 1.0

vendor:huaweimodel:honor v10scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor 10scope: - version: -

Trust: 0.8

vendor:huaweimodel:mate 10 proscope: - version: -

Trust: 0.8

vendor:huaweimodel:nova 4scope: - version: -

Trust: 0.8

vendor:huaweimodel:honor <9.1.0.333scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:mate pro <9.1.0.330scope:eqversion:10

Trust: 0.6

vendor:huaweimodel:honor <9.1.0.350scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:honor <9.1.0.351scope:eqversion:v10

Trust: 0.6

vendor:huaweimodel:honor <9.1.0.351scope:eqversion:10

Trust: 0.6

vendor:huaweimodel:nova <9.1.0.225scope:eqversion:4

Trust: 0.6

sources: CNVD: CNVD-2020-02948 // JVNDB: JVNDB-2020-001010 // NVD: CVE-2020-1785

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1785
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1785
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-02948
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-042
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-1785
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02948
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1785
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-1785
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02948 // JVNDB: JVNDB-2020-001010 // CNNVD: CNNVD-202001-042 // NVD: CVE-2020-1785

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2020-001010 // NVD: CVE-2020-1785

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-042

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001010

PATCH

title:huawei-sa-20200102-03-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en

Trust: 0.8

title:Patch for Multiple Huawei Product Denial of Service Vulnerabilities (CNVD-2020-02948)url:https://www.cnvd.org.cn/patchInfo/show/197037

Trust: 0.6

title:Multiple Huawei Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106566

Trust: 0.6

sources: CNVD: CNVD-2020-02948 // JVNDB: JVNDB-2020-001010 // CNNVD: CNNVD-202001-042

EXTERNAL IDS

db:NVDid:CVE-2020-1785

Trust: 3.0

db:JVNDBid:JVNDB-2020-001010

Trust: 0.8

db:CNVDid:CNVD-2020-02948

Trust: 0.6

db:CNNVDid:CNNVD-202001-042

Trust: 0.6

sources: CNVD: CNVD-2020-02948 // JVNDB: JVNDB-2020-001010 // CNNVD: CNNVD-202001-042 // NVD: CVE-2020-1785

REFERENCES

url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200102-03-smartphone-en

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1785

Trust: 1.4

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200102-03-smartphone-cn

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1785

Trust: 0.8

sources: CNVD: CNVD-2020-02948 // JVNDB: JVNDB-2020-001010 // CNNVD: CNNVD-202001-042 // NVD: CVE-2020-1785

CREDITS

Fudan University SONIC Laboratory Wei Junyi at the Chinese University of Hong Kong TIIC Found in the laboratory. Huawei thanks the researcher for cooperating with us to disclose the vulnerability to protect Huawei's customers.

Trust: 0.6

sources: CNNVD: CNNVD-202001-042

SOURCES

db:CNVDid:CNVD-2020-02948
db:JVNDBid:JVNDB-2020-001010
db:CNNVDid:CNNVD-202001-042
db:NVDid:CVE-2020-1785

LAST UPDATE DATE

2024-11-23T23:04:33.679000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-02948date:2020-01-21T00:00:00
db:JVNDBid:JVNDB-2020-001010date:2020-01-17T00:00:00
db:CNNVDid:CNNVD-202001-042date:2021-07-09T00:00:00
db:NVDid:CVE-2020-1785date:2024-11-21T05:11:22.573

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-02948date:2020-01-20T00:00:00
db:JVNDBid:JVNDB-2020-001010date:2020-01-17T00:00:00
db:CNNVDid:CNNVD-202001-042date:2020-01-02T00:00:00
db:NVDid:CVE-2020-1785date:2020-01-03T15:15:12.070