Sign-up

ID

VAR-202001-1011


CVE

CVE-2020-1826


TITLE

Huawei Honor Magic2 Mobile Phone Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001323

DESCRIPTION

Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root permission may exploit the vulnerability to obtain some information. Huawei Honor Magic 2 is a smartphone from China's Huawei. The vulnerability stems from the use of weaker encryption tools by the program

Trust: 2.16

sources: NVD: CVE-2020-1826 // JVNDB: JVNDB-2020-001323 // CNVD: CNVD-2020-02176

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-02176

AFFECTED PRODUCTS

vendor:huaweimodel:honor magic2scope:ltversion:10.0.0.175\(c00e59r2p11\)

Trust: 1.0

vendor:huaweimodel:honor magic 2scope:ltversion:10.0.0.175(c00e59r2p11)

Trust: 0.8

vendor:huaweimodel:honor magic <=10.0.0.175scope:eqversion:2

Trust: 0.6

vendor:huaweimodel:honor magic2scope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2020-02176 // JVNDB: JVNDB-2020-001323 // CNNVD: CNNVD-202001-267 // NVD: CVE-2020-1826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1826
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-1826
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-02176
value: LOW

Trust: 0.6

CNNVD: CNNVD-202001-267
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2020-1826
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-02176
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-1826
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-1826
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-02176 // JVNDB: JVNDB-2020-001323 // CNNVD: CNNVD-202001-267 // NVD: CVE-2020-1826

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2020-001323 // NVD: CVE-2020-1826

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202001-267

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001323

PATCH
title:huawei-sa-20200108-01-smartphoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-phone-en
Trust: 0.8
title:Patch for Huawei Honor Magic 2 Information Disclosure Vulnerability (CNVD-2020-02176)url:https://www.cnvd.org.cn/patchInfo/show/197017
Trust: 0.6
title:Huawei Honor Magic 2 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108368
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02176 // 
            
            
            
            JVNDB: JVNDB-2020-001323 // 
            
            
            
            CNNVD: CNNVD-202001-267

EXTERNAL IDS
db:NVDid:CVE-2020-1826
Trust: 3.0
db:JVNDBid:JVNDB-2020-001323
Trust: 0.8
db:CNVDid:CNVD-2020-02176
Trust: 0.6
db:CNNVDid:CNNVD-202001-267
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-02176 // 
            
            
            
            JVNDB: JVNDB-2020-001323 // 
            
            
            
            CNNVD: CNNVD-202001-267 // 
            
            
            
            NVD: CVE-2020-1826

REFERENCES
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200108-01-phone-cn
Trust: 1.2
url:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-phone-en
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1826
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-1826
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-02176 // 
            
            
            
            JVNDB: JVNDB-2020-001323 // 
            
            
            
            CNNVD: CNNVD-202001-267 // 
            
            
            
            NVD: CVE-2020-1826

CREDITS
Huawei
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202001-267

SOURCES
db:CNVDid:CNVD-2020-02176
db:JVNDBid:JVNDB-2020-001323
db:CNNVDid:CNNVD-202001-267
db:NVDid:CVE-2020-1826

LAST UPDATE DATE
2024-11-23T22:29:47.943000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-02176date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2020-001323date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-267date:2020-01-09T00:00:00
db:NVDid:CVE-2020-1826date:2024-11-21T05:11:26.610

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-02176date:2020-01-14T00:00:00
db:JVNDBid:JVNDB-2020-001323date:2020-01-31T00:00:00
db:CNNVDid:CNNVD-202001-267date:2020-01-08T00:00:00
db:NVDid:CVE-2020-1826date:2020-01-09T17:15:12.447